amolnaik4

SQL Injection Via XSS

by
amolnaik4
, 02-07-2012 at 12:19 AM

One of the G4H member mandi from Garage4hackers Forums - Home (my second home) asked few days before about xsssqli attack. He had a scenario where the main site is having a cross-site scripting vulnerability and the admin panel has SQL Injection. The page having sql injection in admin panel is only accessible to admin. The question was is it possible to use xss on main site to exploit sql injection on admin panel to get admin account pwned?

Here is my answer with following scenario: ...

Updated 02-14-2012 at 01:05 PM by amolnaik4

Categories

‎ Uncategorized

4 Comments

Read More

+ Create Blog

Blog Categories
Local Categories
- Uncategorized
Recent Comments
- SQL Injection Via XSS
  by amolnaik4
Recent Blog Posts
- SQL Injection Via XSS
  02-07-2012 12:19 AM
- SQL Injection in INSERT Query
  02-03-2012 09:53 AM
- ClubHack 2011 preCON CTF walkthrough
  12-21-2011 11:02 AM
Recent Visitors

Archive

All times are GMT +5.5. The time now is 04:05 PM.

Powered by vBulletin® Version 4.1.7
Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.
Search Engine Optimization by vBSEO

Copyright 2010 - 2012, Garage4Hackers