Penetration Testing mailing list archives
RE: Injected, whats next
From: "Clemens, Dan" <Dan.Clemens () healthsouth com>
Date: Fri, 18 Aug 2006 14:46:14 -0500
First identify what version of MySQL is running. Then identify what user you are running as on the system. If you're lucky you can simply execute system <your command> and the game is over. If it's not that easy see about viewing more of the database.

The goal for the client isn't always that you 'get root' but to show them there is a vulnerability, detail what the risk is, and what else could be leveraged by this hole regardless of how well _you_ can exploit it.

Since you can run select statements see if you can concatenate your requests to add in other things you may want to do.

-Daniel

-----Original Message-----
From: Jon Hart [mailto:jhart () spoofed org]
Sent: Thursday, August 17, 2006 12:55 PM
To: DokFLeed
Cc: pen-test () securityfocus com
Subject: Re: Injected, whats next

On Thu, Aug 17, 2006 at 05:41:06PM +0400, DokFLeed wrote:
> I am testing a web application, I can run UPDATE & SELECT. Does anyone
> know a way to upload a file to a server through MySQL? Does it allow
> running system commands or a way to dump a file from the
> database to the server? It's LAMP: Linux, Apache, MySQL, PHP. Any ideas!!
Use 'into outfile'. You'll be limited by DB and filesystem permissions, though.

select 'foobar' into outfile '/tmp/blahfoo';

-jon
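The DB permission limit mentioned above is MySQL's global FILE privilege, which governs INTO OUTFILE. The following is an added example, not part of the original thread: a defender-side audit that reads SHOW GRANTS output and lists the accounts able to write files. The function names and the sample grant lines are constructed for illustration.

```python
import re

# Matches one line of SHOW GRANTS output, e.g.
#   GRANT SELECT, FILE ON *.* TO 'webapp'@'localhost'
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)",
    re.IGNORECASE,
)

def split_privs(privs):
    """Split a privilege list on commas, ignoring commas inside column lists."""
    out, depth, cur = [], 0, ""
    for ch in privs:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            out.append(cur)
            cur = ""
        else:
            cur += ch
    out.append(cur)
    # Drop column lists such as "SELECT (id, name)" -> "SELECT"
    return {re.sub(r"\s*\(.*\)", "", p).strip().upper() for p in out}

def accounts_with_file(grant_lines):
    """Return accounts whose global grants allow INTO OUTFILE / LOAD_FILE."""
    flagged = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group("scope").replace("`", "") != "*.*":
            continue  # FILE is a global privilege; only *.* grants can carry it
        if split_privs(m.group("privs")) & {"FILE", "ALL PRIVILEGES", "ALL"}:
            flagged.append(m.group("account"))
    return flagged

# Constructed sample SHOW GRANTS output (not from the original thread)
SAMPLE = [
    "GRANT SELECT, UPDATE, FILE ON *.* TO 'webapp'@'localhost'",
    "GRANT SELECT (id, name), UPDATE ON `shop`.* TO 'report'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO 'backup'@'10.0.0.%'",
]

if __name__ == "__main__":
    for acct in accounts_with_file(SAMPLE):
        print("FILE privilege:", acct)
```

A web application account that shows up in this list should have FILE revoked; SELECT and UPDATE on its own schema do not need it.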