Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Executing PHP Code from MSSQL table

from [Danux] Network Security [Permanent Link]
Subject: Re: Executing PHP Code from MSSQL table
Date: Thu, 18 Oct 2007 16:18:21 -0500 
Ok, let me check and will inform you.

Thanks!!!!

On 10/18/07, Robin Wood <dninja@gmail.com> wrote:

Getting away from code execution but have you tried directory
traversal with this attack. If the image filename comes out of the db
and you can control that db table then you could try putting php
script names in instead. From that you could get some of the site
source and then look for a way to execute your code.

Robin

On 16/10/2007, Danux <danuxx@gmail.com> wrote:

Hi, after testing a PHP-MSSQL app, i am able to insert and update
tables but i can't execute store_procedures, so, i was wondering if
its possible to update a table putting something like: "phpinfo()" or
(passthru("ipconfig")) in order to execute while loading the page?

I mean:

inside the html page the images are taken from database so... in a
black box perspective a think is something like: <img src=$img> and i
know where is the table which reads this image name, then i can update
the table and instead of read something like $img = picture.gif, reads
some thing like "phpinfo();". but as you know this is only a string,
even though if i update the table with: eval("phpinfo();") its also a
string .... so it dont get executed!!

So, i would like you help me, what can i do if i am able to insert,
create and update tables but unable to run store procedures, or bulk
or bcp!!!!!

Thanks!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------







-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Directory Transversal, Lee Lawson
Next by Date:  Re: Directory Transversal, Zed Qyves
Previous by Thread:  Re: Executing PHP Code from MSSQL table, Robin Wood
Next by Thread:  Penetrate internet facing Win2003 server, purianuj
Indexes:  [Date] [Thread] [Top] [All Lists]