Showing posts with the label HTTP Response Splitting

Injecting javascript via MySQL error based injection

I've written about this in a couple of other articles, but I needed it to be on my new blog because it makes a good attack especially when dealing with MySQL databases, because:

MySQL on *nix servers can be configured pretty well, making access to the database very difficult and therefore pwnage can be very difficult!!You have the ability to extend MySQL Error based injection into other attacks that may not be viable on the web application like:non-persistent XSSDefacement of the siteHTTP parameter pollutionDDos (more on this in another post!!) ---using this web application to make requests to other servers at the expense of the person visiting the page


Show more