SQL Injection in Insert, Update and Delete Statements

Filed under SQL Injection


Most of the time when we talk about SQL injection we extract data using the UNION keyword, error-based, blind boolean-based and time-based injection methods. All of these apply where the application is performing a SELECT statement on the back-end database. How do we inject where the application is performing an INSERT, UPDATE or DELETE statement? For example, applications use INSERT statements when they want to store IP addresses, user-agent strings, referrer URLs and other data in the database. The same statements are used when manipulating user accounts: creating a new password, changing names, deleting accounts. It is not only direct user input: whatever the application takes as input, if it isn't properly sanitized and filtered, we can go ahead and inject (assuming there are no WAFs or blacklists). This paper is based on the MySQL error response; the web application must echo mysql_error() back to us.

Lab Setup

Let’s first create a database named `newdb` and one sample table to practice our injections on. Stick to your localhost. Don’t go ahead and test against live websites without prior permission. I take no responsibility for any damage you cause.

CREATE DATABASE newdb;
USE newdb;
-- sample table; the table name is not given in the excerpt, `users` is a placeholder
CREATE TABLE users (
  username varchar(20) NOT NULL,
  password varchar(20) NOT NULL
);


Guidelines for Pen-testing a Joomla Based Site

Filed under Pen-Testing and Security

Need for this article

This document, “Guideline for Pen-Testing a Joomla based site”, has been developed to keep the general public aware of security-related information about Joomla. It explains the testing methodology that should be used to audit Joomla based sites. The guide will help you learn the basic security misconfigurations, vulnerabilities, etc. within Joomla, which will in turn help you do better security testing of those sites. It will also help you recommend security countermeasures to your client for hardening their Joomla based sites.

Introduction to Joomla

There are many CMSes available for web development, like WordPress, Drupal, Joomla, etc. Still, Joomla has its own customers, and they find it quite handy to work with because it is small and easy to use.
Working with Joomla means developing your site in such a way that it can be easily installed, handled and managed. Install it, select a nice theme, set the layout, modify the CSS, use some extensions, and the site is ready. However, there is another point which must be kept in mind.
Security is a state in which we ensure a proper gap between the threats to and the assets of an organization. We try either to move the assets far away from the threats or to apply good security controls between the two.
When we talk about security in Joomla, we have to focus on both the Joomla framework and the extensions. Joomla itself is quite stable and less prone to attacks, i.e. you will have a hard time finding a serious attack vector in it. Most of the time, only some XSS, SQL injection, LFI, etc. will be identified in the core, and these are already fixed and patched.


Adobe Flash Player Integer Underflow Remote Code Execution

Filed under Exploits and Usage

This exploit was discovered on 6th May 2014.

This module requires Metasploit: http://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework

Description of this exploit:

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player. By supplying a specially crafted SWF file it is possible to trigger an integer underflow in several AVM2 instructions, which can be turned into remote code execution in the context of the user, as exploited in the wild in February 2014. This module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3 and Windows 7 SP1, and with Adobe Flash Player 11.3.372.94 on Windows 8; it includes ROP chains for several Flash 11 versions, as exploited in the wild.


Exploitation notes on CVE-2014-0160 (Heartbleed Bug)

Filed under New Discoveries
  • The vulnerability was announced to the world on 7th April 2014 by a website, an OpenSSL Security Advisory and the OpenSSL 1.0.1g release.
  • Discovered by Riku, Antti & Matti and Neel Mehta.
  • I searched the page for a web cart.
  • Shortly after, the next day…
  • Jared Stafford released “ssltest.py”.
  • Security companies scrambled to fix it.


Uploading PHP Shell Through SQL Injection

Filed under SQL Injection

Claimant – A little piece of advice

Article destined to any blackhat on the internet, all source codes and examples must be used for malicious purposes only, sue me for that. Learn with this short piece of information how things work, ’cause we drift toward war… despite the fact that white hats also fight against us (reporting our fake pages and for being prone to identify us for federals) we still can win the struggle, despise the other side. With a scalpel in our hands we’ll overcome the fucking security revealing scandals around the world, inhale the white hat powder. Where do we fit into that? The best thing about this little piece of spam is that it appeals to our blackhat hearts.

Acknowledgement – encore!

I offer this paper to F3rG0, Dark_Side (we were going to give him a plaque, but due to his lack of skill and our lack of money, it’s probably not going to happen), AciDmuD, VooDoo, Cheat Struck, dizziness, blurred vision, eye or muscle twitches and loss of consciousness 🙂 and especially to Cleidiane Morais for being in a good mood to love on a moonlit day ,) My nape hurts! The cheat in this paper works perfectly on Windows 7, Windows Vista, Windows XP, Windows 8 and 9 and etc (of course 😉 I will do this in steps for no readily apparent reason besides giving the reader motion and emotion… with no repentance it will be cool…
“The key to your success is acting before the problem escalates.”

Getting Started
