Hi, I was wondering if there are ways to bypass web logons. I've tried hydra and can crack the user/pass but if it's not a basic pair it would be difficult. I'm trying to target php and asp pages.
Any ideas.
Thanks
Normally in this situation injection or XSS is used to either add a user to the database or (in the case of MSSQL) spawn an xp command shell.
"K Menu, Backtrack, Web Application Analysis, Database (Backend)", the programs that follow will aid you in your quest, learn a little about them.
Yes. My idea is that you're trying to do something for which you do not have the necessary information.
Quote:
I've tried hydra and can crack the user/pass but if it's not a basic pair it would be difficult. I'm trying to target php and asp pages.
Any ideas.
1) Go learn how HTTP/HTTPS work.
2) Learn how HTML works.
3) Learn how browsers work.
4) Learn how databases, LDAP, and other information stores and authentication mechanisms work.
5) Do some reading over at OWASP.
6) etc.
"Blind Xpath injection attack"
Quote:
5) Do some reading over at OWASP.
now just have to learn html and other web langs :)
Quote:
XPath is a type of query language that describes how to locate specific elements (including attributes, processing instructions, etc.) in an XML document. Since it is a query language, XPath is somewhat similar to Structured Query Language (SQL). However, XPath can be used to reference almost any part of any XML document without access control restrictions, whereas with SQL, a "user" (which is a term undefined in the XPath/XML context) may be restricted to certain tables, columns or queries.
More information may be found in the article dedicated to XPATH Injection. Using an XPATH Injection attack the attacker is able to log in to the system without entering valid login and password. If he wants to know information about other users he must take one step further. When conducting a Blind XPath Injection attack, the attacker has no knowledge about the structure of the XML document. However his situation is better compared to Blind SQL Injection, because there are functions which allow for performing tests (XML Crawling) and in the end getting to know the document structure.
Risk Factors
TBD
Examples
The attacker may be successful using two methods: Boolenization and XML Crawling. By adding to the XPath syntax, the attacker uses additional expressions (replacing what the attacker entered in the place of login to the specially crafted expression).
Thanks for the pointers, you lot
Checked out OWASP site, read up about the different attack vectors (nice site)... got some googling to do.
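Added example, not part of the thread or of the quoted OWASP text: the login check the quoted passage describes, written once with string concatenation and once with XPath variable binding, which is the fix. It assumes the third-party lxml package; the XML store, element names, credentials and test input are constructed for illustration.

```python
# XPath login check: concatenated query vs. variable-bound query.
# Assumption: lxml is installed. The user store and all values below are
# constructed sample data; plaintext passwords are used only for brevity.
from lxml import etree

USERS_XML = b"""
<users>
  <user><login>alice</login><password>correct-horse</password></user>
  <user><login>bob</login><password>battery-staple</password></user>
</users>
"""
DOC = etree.fromstring(USERS_XML)


def login_concatenated(login: str, password: str) -> bool:
    """Vulnerable pattern: user input becomes part of the XPath syntax."""
    query = "//user[login/text()='%s' and password/text()='%s']" % (login, password)
    try:
        return bool(DOC.xpath(query))
    except etree.XPathError:
        return False  # concatenation produced a malformed expression


def login_bound(login: str, password: str) -> bool:
    """Hardened pattern: input is bound as XPath variables and is only
    ever compared as a string value, never parsed as expression syntax."""
    query = "//user[login/text()=$login and password/text()=$password]"
    return bool(DOC.xpath(query, login=login, password=password))


# Constructed test input: a quote that closes the string literal,
# followed by an extra boolean clause.
CRAFTED = "' or '1'='1"

if __name__ == "__main__":
    for name, check in (("concatenated", login_concatenated),
                        ("bound", login_bound)):
        print(name, "valid pair ->", check("alice", "correct-horse"))
        print(name, "crafted    ->", check(CRAFTED, CRAFTED))
```

A regression test for a login handler can reuse the same crafted value and assert that authentication fails.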