- Full-Time Security Consultant, Part-Time Vulnerability Researcher
View amolnaik4's Blog
on 02-07-2012 at 12:19 AM
One of the G4H members, mandi, from Garage4hackers Forums (my second home) asked a few days ago about an XSS + SQLi attack. He had a scenario where the main site has a cross-site scripting vulnerability and the admin panel has SQL injection. The page with the SQL injection in the admin panel is accessible only to the admin. The question was: is it possible to use XSS on the main site to exploit the SQL injection in the admin panel and get the admin account pwned?
Here is my answer, with the following scenario:
on 02-03-2012 at 09:53 AM
SQL injection is one of the most exploited issues in web application security and has had a place in the OWASP Top 10 since 2004. There are many blog posts and papers available on SELECT query injection exploiting WHERE or HAVING clauses. Today I’m going to discuss SQL injection in an INSERT query.
Here is a PDF of the same.
SQL Injection in INSERT Query.pdf
Any suggestions or comments are welcome.
on 12-21-2011 at 11:02 AM
This paper is based on the steps I executed to win the ClubHack 2011 preCON CTF challenge.
Hope you will like it.
ClubHack 2011, India’s hacker conference, was held on 3-4 Feb 2011 at Pune, India. They had a pre-conference hacking competition, called WEBWAR, whose winners could win free entry to the ClubHack event. The winners also qualified to play Treasure Hunt, a physical CTF at the ClubHack conference.
This post is a walkthrough for this preCON CTF challenge.