lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 Jun 2005 00:22:29 +0200
From: Pablo Fernández <newsclient@...mq.info>
To: Pablo Escobar <slackware77@...il.com>
Cc: pen-test@...urityfocus.com, nessus@...t.nessus.org,
	Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: how to exploit SQL INJECTION?

Well, exploiting a vulnerable SQL Injection site is very easy, you can
do it directly from your browser (even with dillo, links, wget, axel!)
(altough a PERL script is much more confortable).

If nessus told you you have some script vulnerable you can exploit them
hitting with your browser a URL such as
http://<LAN_SERVER_IP>/resources/expand_subject.asp?id='UNION'
That's assuming the script vulnerable is reachable directly using the
LAN IP of the server, if you are using vhost in the HTTP server you
should use it in the previous URL.

I hope this is clear enough, I could have written this message in
spanish, which I guess is your mother tongue, English used for the
mailing's list sake.

Saludos y suerte,
Pablo Fernández


Content of type "message/rfc822" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ