Pages

Tuesday, November 8, 2011

[Learning] SQL injection - ruxcon training website



Links:
watch the HD video online: http://vimeo.com/f4l13n5now/sqli-ruxcon

Description:

This is Ruxcon WEB Pen Testing Training website (used to practise SQL injection) provided by Louis.

Attacker:
Backtrack 5 R2
IP: 192.168.1.60

Victim:
Photoblog (training website)
IP: 192.168.1.56

vulnerability & exploit:
MySQL based SQL injection

Attacking process:
1, discover the vulnerable services:
use NMAP to probe the opening ports and detect services
nmap -sS -sV -O 192.168.1.56 -v

found the following services:
[1] MySQL database service running on port 3306
[2] HTTP web service running on port 80

2, browes the website and detect the injection point
[1] the potential vulerable URL: http://192.168.1.56/cat.php?id=1

3, test the potential injection point if it has vulerability
[1] numberic based SQL injection test:
try apply the following two URL and check the different response.
URL one "http://192.168.1.56/cat.php?id=1 and 1=2" (response nothing)
vs.
URL two "http://192.168.1.56/cat.php?id=1 and 1=1" (response the normal page)

the test above shows that here is vunerable SQL injection point.

4, exploit the injection point and finally got admin.

Reference:
[1] https://www.owasp.org/index.php/Unrestricted_File_Upload
[2] http://dev.mysql.com/doc/refman/5.0/en/tables-table.html
[3] http://hungred.com/useful-information/secure-file-upload-check-list-php/
[4] http://soroush.secproject.com/blog/2010/03/improve-file-uploaders%e2%80%99-protections-rev-1-0/

2 comments:

  1. Hey. How can i get this ruxcon image??

    ReplyDelete
  2. I enjoyed reading your blog its quite interesting! Seeking for dispensaries worry no more!
    Wonderful Blog! satta king
    Thank for sharing but may also work in your like commercially.
    Ask your dealer for a aggressive offer for a provided service that includes web site style, growth and hostingSattaking
    sattaKing

    ReplyDelete