In each step, I will take two part, the first part is the request that was make by attacker, the second is query string that target.com used to get the data from database and highlight in the second are texts that make by attacker.
1. Find the vulnerability parameter with any special character or ', "
Request
target.com/users.php?userid='
Query String
select name, nickname from users where
Sunday, 30 October 2011
Friday, 28 October 2011
Executable text files
B y astr0baby
Okay nothing new here, just a trick to load a text file which
is in fact a win32 PE binary. I’ve come across an interesting article
about Alternate Data Streams on this excellent blog : http://www.exploit-monday.com/2011/09/stealth-alternate-data-streams-and.html and decided to utilize ADS in my exercise scenario in which we attack Win7 SP1 32bit.
I’ve
Okay nothing new here, just a trick to load a text file which
is in fact a win32 PE binary. I’ve come across an interesting article
about Alternate Data Streams on this excellent blog : http://www.exploit-monday.com/2011/09/stealth-alternate-data-streams-and.html and decided to utilize ADS in my exercise scenario in which we attack Win7 SP1 32bit.
I’ve
Facebook Attach EXE File Vulnerability
1. Summary:
When using the Facebook 'Messages' tab, there is a feature to attach a
file. Using this feature normally, the site won't allow a user to attach
an executable file. A bug was discovered to subvert this security
mechanisms. Note, you do NOT have to be friends with the user to send them
a message with an attachment.
--------------------------------------------------------------------