![[s]](http://www.garage4hackers.com/avatars/%5Bs%5D.gif?dateline=1333021046&type=thumb)
One of the G4H member mandi from Garage4hackers Forums - Home (my second home) asked few days before about xsssqli attack. He had a scenario where the main site is having a cross-site scripting vulnerability and the admin panel has SQL Injection. The page having sql injection in admin panel is only accessible to admin. The question was is it possible to use xss on main site to exploit sql injection on admin panel to get admin account pwned?
Here is my answer with following scenario:
SQL injection is being one of the mostly exploited issues in web application security and has found a place in OWASP Top 10 since 2004. There are many blog posts, papers available on SELECT query injection exploiting WHERE or HAVING clauses. Today I’m going to discuss SQL injection in INSERT query.
Here is PDF of the same.
SQL Injection in INSERT Query.pdf
Any suggestions, comments are welcome.
Cheers,
AMol NAik
This paper is based on the steps I executed to win ClubHack 2011 preCON CTF challenge.
Hope you will like it.
ClubHack 2011, India’s Hacker conference, was held on 3-4 Feb 2011 at Pune, India. They had a pre-conference hacking competition, called as WEBWAR, whose winners can win a free entry to the clubhack event. The winners also qualified to play Treasure Hunt, a physical CTF at clubhack conference.
This post is a walk through for this preCON CTF challenge.
To Change OAuth Target URL & Domain Description Can be achieved using Clickjacking Vulnerability . Status: Fixed OAuth is cool and simple to understand developer can integrate with Google 's...
Liked On: 05-10-2013, 10:18 AM
bWAPP or a buggy web application is a free and open source web application build to allow security enthusiasts, students and developers to better secure web applications bWAPP - a buggy web...
Liked On: 03-23-2013, 11:06 AM
Sometime back, I found an open redirect vulnerability in Facebook mobile site (http://m.facebook.com) According to OWASP: So typically what happens in Facebook is that whenever you try to...
Liked On: 02-22-2013, 04:51 PM
On 28th December 2012 I found a Blind SQL Injection vulnerability in the Paypal Notifications (https://www.paypal-notify.com) This bug allowed me to access the database of Paypal Notifications...
Liked On: 02-02-2013, 10:42 PM
Theexploit code for PHP
Liked On: 01-12-2013, 10:42 PM
Hi Friends & All Big Bros Yesterday i received my first white hat bounty from etsy.com for finding (http://www.jaygadkar.com/2013/01/password-reset-vulnerability-in-etsycom.html)password related...
Liked On: 01-09-2013, 10:33 PM
Abstract: iOS applications share common set of classes and highly depends on the operating system solutions for data communication, storage and encryption. Solely depending on the Apple...
Liked On: 12-09-2012, 11:59 AM
Hello Hackers; How are you doing ! Well .. My office people were facing an issue with Nmap scans for a large number of hosts. The issue was that, if an Nmap scan is ran for lets say a hundred...
Liked On: 12-05-2012, 10:18 PM
# Vulnerability Title: Secondary Email Addition & Deletion Via Click Jacking in Linkedin # Website Link: [Tried on Indian version] # Found on: 06/08/2012 # Author: Ajay Singh Negi # Version:...
Liked On: 09-16-2012, 01:17 PM
Summary A Clickjacking vulnerability existed on Google Website Translator that allowed an attacker to add a translate editor by redressing the editor management page. Details Google Website...
Liked On: 08-28-2012, 11:27 PM
Hi Friends, This is a Internet Explorer 9/10 Null Pointer vulnerability PoC (DoS). after long enough analysis and digging into this finally decided to make this public. its a Null Pointer not...
Liked On: 08-27-2012, 10:26 PM
I stopped blogging when I realized that the articles I put up here could be turned into papers and I could use that to speak at conferences[#travel-the-world #meet-people ] . And therefore frequency...
Liked On: 08-16-2012, 08:05 PM
http://conference.hitb.org/hitbsecconf2012ams/wp-content/themes/hitbsec/images/logo.jpg Here goes my second part the HITB ventures , could read the BLackhat diary form here...
Liked On: 07-18-2012, 07:55 PM
http://blog.fortinet.com/wp-content/uploads/2012/02/Black-Hat-Europe.jpg I was pretty caught up with few office, personal stuffs that I could not find time to blog on my BlackHat ventures . ...
Liked On: 07-10-2012, 10:12 PM
Hi All, After almost more than 8months Symantec finally released patch for the Local Privilege Escalation Bug reported to them.(Disappointed) Tested Platform: Windows XP SP2 English Windows...
Liked On: 05-23-2012, 11:24 AM
Forum Threads
Home Page
Find latest posts
View Articles
View Blog Entries
Likes Received (127)
Dumps Of Original Base With Good...
Today, 01:12 PM in Hacking for Beginners