Showing posts with label HTTP Response Splitting. Show all posts
Showing posts with label HTTP Response Splitting. Show all posts

Sunday, 22 January 2012

Injecting javascript via MySQL error based injection

I've written about this in a couple of other articles, but I needed it to be on my new blog because it makes a good attack especially when dealing with MySQL databases, because:

  • MySQL on *nix servers can be configured pretty well, making access to the database very difficult and therefore pwnage can be very difficult!!
  • You have the ability to extend MySQL Error based injection into other attacks that may not be viable on the web application like:
    • non-persistent XSS
    • Defacement of the site
    • HTTP parameter pollution
    • DDos (more on this in another post!!) ---using this web application to make requests to other servers at the expense of the person visiting the page