Showing posts with label RFI. Show all posts
Showing posts with label RFI. Show all posts

Wednesday, 25 January 2012

Injecting Insert statements: MySQL error based injection

Exploring my options

One night while banging injection payloads into a random page I suddenly found myself in an insert statement! This is when I got the idea to use insert statements for MySQL error based injection vectors.

Some people might be wondering why on earth would one would want to inject an insert? Would that even work?

The answer is YES! you can use INSERT statements to leak data via Error based injection much like people already do using SELECT statements

Ordering Remote File inclusion via e-mail

I just briefly discussed Local File Inclusion in this article and more importantly to that you can use to turn an LFI into an Remote File Inclusion (or Remote Code injection)

This method, abuses the way e-mail is stored on Linux servers, (when a certain kind of Mail Delivery Agent is in use) and helps to propagate a RFI attack on a server with a LFI vulnerability, or create an RFI attack vector when one doesn't exist