Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Injected, whats next

from [Clemens, Dan] Network Security [Permanent Link]
Subject: RE: Injected, whats next
Date: Fri, 18 Aug 2006 14:46:14 -0500 
First identify what version of MySQL is running. Then identify what user
you are running as on the system.

If your lucky you can simply execute system <your command> and the game
is over.

If its not that easy see about viewing more of the database. 

The goal for the client isn't always that you'get root' but to show them
there is a vulnerability, detail what the risk is, and what else could
be leveraged by this hole regardless of how well _you_ can exploit it.

Since you can run select statements see if you can concatenate your
requests to add in other things you may want to do.

-Daniel 

-----Original Message-----
From: Jon Hart [mailto:jhart@spoofed.org] 
Sent: Thursday, August 17, 2006 12:55 PM
To: DokFLeed
Cc: pen-test@securityfocus.com
Subject: Re: Injected, whats next

On Thu, Aug 17, 2006 at 05:41:06PM +0400, DokFLeed wrote:

I am testing a web application, I can run  UPDATE & SELECT Does anyone



know a way to upload a file to a server through MySQL !
does it allow running system commands or a way to dump a file from the



database to the server?
its  LAMP , Linux, Apache, MySQL, PHP
any ideas!!


use 'into outfile'.  You'll be limited by DB and filesystem permissions,
though.  

   select 'foobar' into outfile '/tmp/blahfoo';

-jon

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


-----------------------------------------
Confidentiality Notice: This e-mail communication and any
attachments may contain confidential and privileged information for
the use of the designated recipients named above. If you are not
the intended recipient, you are hereby notified that you have
received this communication in error and that any review,
disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and
deleting it from your computer. Thank you.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Injected, whats next, Serg B.
Next by Date:  Re: Injected, whats next, Brendan Dolan-Gavitt
Previous by Thread:  Re: Injected, whats next, Jon Hart
Next by Thread:  Re: Injected, whats next, Serg B.
Indexes:  [Date] [Thread] [Top] [All Lists]