SQL Injection && ASM hints / tuts
Hi If I found a sql injection hole how do I make a shell or lass list out of it?
I am able to login User: 1'1 PAss: fubar
Were can I find information about Asm and sploits that I can understand Articels like this: Metasploit: SMB2: 351 Packets from the Trampoline ?
Any Hints or tuts for me?
Depends on what host Operating System is being used and what DBMS is running. There's lots of papers about SQL Injection out there, ask Google to direct you to the appropriate one after you find out the answers to the previous questions.Originally Posted by *YAPP*
Start reading about how to exploit buffer overflow vulnerabilities. Theres some links in my last post to AnActivists "Pentesting Documentation" thread.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Hi can't find user AnActivists please give me a link.
It is a apache 2.2 PHP 4.4 LInux system
Do you got somme good tutorials for me I just know the Exploits of Milworm were you enter a URI and you get a list of User + PWs. I want to make things like this by my self...
Here
You need to know the DBMS type as well. MySQL is most likely for a Linux/Apache/PHP site, but others are possible.
I have read a few papers on the subject, however I didn't keep note of the links because they were rather easy to find using Google. (Hint.)
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
It use mysql. I ask here because I look for RECOMAND tuts xD
Do you mean this Link?
http://forums.remote-exploit.org/new...ntation-6.html
sry I don't get the point... Were do you post the links?
Id recommend the tutorials that you can find easily in Google. Search for "SQL injection" and start with the ones on the first results page. Also have a look on the OWASP wiki. Once you want to get more specific then start searching using your DBMS and/or OS name. You will then probably also want to learn a bit of your specific DBMSs SQL language.
That thread, yes, but not that particular page.
The links are in the last post I made to that thread. Right here.sry I don't get the point... Were do you post the links?
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
your links are brocken...
It's the same link that you posted above only difference is that his link points to post number 121 in the thread or as was stated twice his last post in said thread. And as for the link itself it works for me.
Try again.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
MadIrish.net
pointd to the homepage of MadIrish.net
http://www.corelan.be:8800/index.php...torial-part-1/
Error 404 - Not Found
http://www.corelan.be:8800/?s=buffer+overflow+tutorial
http://www.corelan.be:8800/?s=writing+exploits
Funny thing was/is your right the links do no longer work. However on the same page on the right hand side the above two links are listed .
Exploit writing tutorial and Writing exploits.
As for the madirish I will let you look that one up.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Posting Permissions
