| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000101c576d6$a34c1b40$0100a8c0@etonmai.local>
Date: Wed, 22 Jun 2005 05:01:08 +0200
From: Pablo Fernández <newsclient@...mq.info>
To: <julie.holmwood@...l.nessus.org>
Cc: Bugtraq <bugtraq@...urityfocus.com>, pen-test@...urityfocus.com,
nessus@...t.nessus.org
Subject: Re: how to exploit SQL INJECTION?
Well, exploiting a vulnerable SQL Injection site is very easy, you can
do it directly from your browser (even with dillo, links, wget, axel!)
(altough a PERL script is much more confortable).
If nessus told you you have some script vulnerable you can exploit them
hitting with your browser a URL such as
http://<LAN_SERVER_IP>/resources/expand_subject.asp?id='UNION'
That's assuming the script vulnerable is reachable directly using the
LAN IP of the server, if you are using vhost in the HTTP server you
should use it in the previous URL.
I hope this is clear enough, I could have written this message in
spanish, which I guess is your mother tongue, English used for the
mailing's list sake.
Saludos y suerte,
Pablo Fernández
--
This email has been verified as Virus free
Virus Protection and more available at http://www.plus.net
Return-path: <pen-test-return-1078476866-newsclient=teamq.info@...urityfocus.com>
Envelope-to: newsclient@...mq.info
Delivery-date: Tue, 21 Jun 2005 18:14:48 -0400
Received: from codeq by smoke.securenet-server.net with local-bsmtp (Exim4.50)
id 1Dkr15-00088Q-NX for newsclient@...mq.info;
Tue, 21 Jun 200518:14:48 -0400
Received: from [205.206.231.27] (helo=outgoing.securityfocus.com)
bysmoke.securenet-server.net with esmtp (Exim 4.50) id
1Dkr15-00088G-Du fornewsclient@...mq.info;
Tue, 21 Jun 2005 18:14:47 -0400
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
viasmtpd (for smoke.securenet-server.net [63.247.85.146]) with
ESMTP; Tue, 21Jun 2005 15:14:55 -0700
Received: from lists.securityfocus.com
(lists.securityfocus.com[205.206.231.19]) by
outgoing3.securityfocus.com (Postfix) with QMQP idE8645237558;
Tue, 21 Jun 2005 15:32:40 -0600 (MDT)
Mailing-List: contact pen-test-help@...urityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <pen-test.list-id.securityfocus.com>
List-Post: <mailto:pen-test@...urityfocus.com>
List-Help: <mailto:pen-test-help@...urityfocus.com>
List-Unsubscribe: <mailto:pen-test-unsubscribe@...urityfocus.com>
List-Subscribe: <mailto:pen-test-subscribe@...urityfocus.com>
Delivered-To: mailing list pen-test@...urityfocus.com
Delivered-To: moderator for pen-test@...urityfocus.com
Received: (qmail 25302 invoked from network); 21 Jun 2005 21:44:27 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
b=nfPdNRPwb3vE7129kyAhDdXWF4U2VA1VVOGQSMAXoudmU3AoyYNQveWCHMZs/qGGm5McmZPvncXAW/yz56o6INy3P9/nai7UtaLS5A+eVu7MefFTT7B8FqnKvui30XxW83b4ZZKOTMUApEqMxPrZeLYw6ziajdSHXzKwVvXGXYY=
Message-ID: <fce05b5e0506211406bd92508@...l.gmail.com>
Date: Wed, 22 Jun 2005 00:06:05 +0300
From: Pablo Escobar <slackware77@...il.com>
Reply-To: Pablo Escobar <slackware77@...il.com>
To: pen-test@...urityfocus.com, nessus@...t.nessus.org,
bugtraq@...urityfocus.com
Subject: how to exploit SQL INJECTION?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
X-Spam-Level:
X-Spam-Status: No,
score=0.0 required=5.0 tests=none autolearn=ham version=3.0.4
Content-Transfer-Encoding: 7bit
Hello people, I made in my network website server with SQL with
vulnerabilities to learn how to exploit it, I searched in google and i
tried but dont work, the report of the nessus is:
The following URLs seem to be vulnerable to various SQL injection
techniques :
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
now,how can I exploit it?,somebody can guide me plz?,thank u very
much,good luck.
_______________________________________________
Nessus mailing list
Nessus@...t.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Powered by blists - more mailing lists