tag:blogger.com,1999:blog-24614509198797313562012-01-24T12:19:34.514-08:00- C8H10N4O2Redator Adminnoreply@blogger.comBlogger21100tag:blogger.com,1999:blog-2461450919879731356.post-65744620041658292992012-01-23T07:47:00.000-08:002012-01-23T08:03:14.863-08:00<span style="font-family: 'Courier New', Courier, monospace;">SQL Injection só é possível quando o site te informa qual o erro que o banco de dados caso não seja possível fazer a consulta no banco de dados.</span><br /><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b><br /><b><span style="font-family: 'Courier New', Courier, monospace;">Por exemplo:</span></b><br /><b style="color: red; font-family: 'Courier New', Courier, monospace;">&lt;?php</b><br /><span style="color: red; font-family: 'Courier New', Courier, monospace;"><b>$id = $_GET['id'];</b></span><br /><span style="color: red; font-family: 'Courier New', Courier, monospace;"><b>$q = "SELECT * FROM noticias WHERE id = '$id'";</b></span><br /><span style="color: red; font-family: 'Courier New', Courier, monospace;"><b>$r = mysql_query($q) or die(mysql_error());</b></span><br /><span style="color: red; font-family: 'Courier New', Courier, monospace;"><b>?&gt;</b></span><br /><span style="font-family: 'Courier New', Courier, monospace;">Como vimos ali, caso não seja possível enviar a consulta ao MySQL, o script é interrompido exibindo a mensagem de erro da operação enviada ao MySQL.</span><br /><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br /><span style="font-family: 'Courier New', Courier, monospace;">Se eu entrar em <b><span style="color: red;">http://www.fvox.com/noticias.php?id=10%27</span></b></span><br /><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br /><span style="font-family: 'Courier New', Courier, monospace;">(lembrando que<b> %27</b> equivale a uma aspa simples ').</span><br /><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br /><span style="font-family: 'Courier New', Courier, monospace;">A query a ser enviada seria a seguinte:</span><br /><b><span style="color: red; font-family: 'Courier New', Courier, monospace;">SELECT * FROM noticias WHERE id = '10''</span></b><br /><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b><br /><span style="font-family: 'Courier New', Courier, monospace;">A aspa inserida na URL iria modificar a sintaxe da consulta, então a função <b>mysql_error()</b></span><br /><span style="font-family: 'Courier New', Courier, monospace;">retornaria algo parecido com:</span><br /><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br /><span style="color: red; font-family: 'Courier New', Courier, monospace;"><b>Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in (LOCAL DA VULNERABILIDADE) on line 4</b></span><br /><br /><span style="font-family: 'Courier New', Courier, monospace;">É claro que o servidor pode emitir outros erros, mas desde que exiba um erro, já é</span><br /><span style="font-family: 'Courier New', Courier, monospace;">alguma coisa para que você possa realizar seus <b>PENTESTS</b> com grande esperança, o que te motiva bastante.</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2461450919879731356-6574462004165829299?l=chaossecurity.blogspot.com' alt='' /></div>Redator Adminnoreply@blogger.com0tag:blogger.com,1999:blog-2461450919879731356.post-72042731233186505812012-01-21T10:13:00.000-08:002012-01-23T08:08:30.023-08:00<div style="text-align: justify;"><span style="font-family: 'Courier New', Courier, monospace;">Sou Jm4n e resolvi cria um blog pra posta, algo sobre sql injection attacks, sites vulneráveis, e coisas do tipo</span></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://si0.twimg.com/profile_images/1720839588/jman.jpg" /></div><div style="text-align: center;"><span style="font-family: 'Courier New', Courier, monospace;"><b>Aguardem</b></span></div></div><div style="text-align: justify;"><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;">Sigam:</span></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><a href="https://twitter.com/jm4n_" target="_blank"><span style="font-family: 'Courier New', Courier, monospace;">@JM4N_</span></a></b><br /><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b><br /><b><a href="https://twitter.com/ls098ms_" target="_blank"><span style="font-family: 'Courier New', Courier, monospace;">@LS098MS_</span></a></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;">Parceiros:</span></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><a href="https://twitter.com/the_fernandinho" target="_blank"><span style="font-family: 'Courier New', Courier, monospace;">@The_Fernandinho</span></a></b></div><div style="text-align: center;"><b><span style="font-family: 'Courier New', Courier, monospace;"><br /></span></b></div><div style="text-align: center;"><b><a href="https://twitter.com/lucas_walter" target="_blank"><span style="font-family: 'Courier New', Courier, monospace;">@Lucas_Walter</span></a></b></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2461450919879731356-7204273123318650581?l=chaossecurity.blogspot.com' alt='' /></div>Redator Adminnoreply@blogger.com0