[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Some SQL inj and including hints

To: Full disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Some SQL inj and including hints
From: Vladimir Vorontsov <vladimir.vorontsov@xxxxxxxx>
Date: Thu, 14 Jan 2010 16:39:37 +0300

Hi all,

1. On Win systems use short directories names like that:
Progra~1 == "Program Files"
Docume~1 == "Documents and Settings"
if you want to create file in space contained folder using INTO
OUTFILE/INTO DUMPFILE injection/
Example:
http://localhost/inj.php?id='/**/INTO/**/OUTFILE/**/%22C:/PROGRA~1/APACHE/VAR/WWW/index.php%22

In other cases your can't write file using MySQL if their absoute path have
a spaces.

2. Use .phtml extension instead of .php to fraud WebApplicationFirewalls
and filters.
Default apache2 configuration file like this:

<IfModule mod_php5.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</IfModule>

Sorry for my bests English.

-- 
-----------------------------------------------------------------
Best regards!
Vladimir Vorontsov, security expert.
ONsec: turn on security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] looking for this tools
Next by Date: [Full-disclosure] XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
Previous by thread: [Full-disclosure] [SECURITY] [DSA-1970-1] New openssl packages fix denial of service
Next by thread: [Full-disclosure] XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
Index(es):
- Date
- Thread