hi guys,
i have some questions as usual,so tought of asking here

i am trying to understand the parameterized query

here is the simple source link i had used

Now let me explain my understanding,correct me where ever i am wrong

say there is a query logic exists in the application like this

sqlQuery='SELECT * FROM custTable WHERE User=' + Username + ' AND Pass=' + password

and say a user supplies a arbitrary query with the user name it gets executed in the db,(right?)

like this


sqlQuery='SELECT * FROM custTable WHERE User='' OR 1=1-- ' AND PASS=' + password

and say there is a code for parameterized query in the application like this

parameters.add("User", username)
parameters.add("Pass", password)


sqlQuery='SELECT * FROM custTable WHERE User=? AND Pass=?'

And the application sends the username and password from the parameters "user" and "pass" right ?

and even if the user submits the query like this

sqlQuery='SELECT * FROM custTable WHERE User=Nobody OR 1=1'-- AND Pass=?'

(the article says)it wont get executed as a query,i am confused at this point,


i)why this query didn't produce the results that i expect ?

ii) or does the application stores whatever we supply in the"user" and "pass" as a string instead of query in the db?

iii)how secure the parameterized queries are ? and how we can bypass it ?

Thanks for every one who posted here  ,I got the solution 

sorry for the late reply,just now passed my ccna,currently concentrating on rhcsa and rhce,any other tips ?

my goal is not become an administrator,i am more interested in writing and learning queries for becoming a web-app pen tester 

hi guys,
i had recently done a course on LAMP,
i got a decent theoretical understanding about the operations on mysql,
now i am much more interested in focusing  ONLY hands-on training in mysql(Not on theories),but when ever i search
on internet i have been ended up with theory books,
i need resources which focuses only on hands on training in mysql or some mysql related project resources.

hope some one will guide me in right direction 

To the first guy
i am not a school kid 
we need this logic to show that in REAL LIFE that program can produce much faster results than the hardware,that is the main task of this program and TBH i am not a programmer 

And guys when i asked for solutions for this program from other programmers they urged me to use some kind of bit shifting to do this,
and it seems "unicityd" points were right...

hi guys,
here is challenge i got from my friend,i just want to know there is a solution available for this task,

when i enter a number it should display it's equivalent binary number like for 2 = 0010 3=0011,
but the important restriction is "IT SHOULD NOT USE/INVOKE MULTIPLICATION OR DIVISION OF ANY FORM" inside the computer.

is there a solution possible ?

if any one has one please post here...

 

Thanks sh4d0wmanPP for your reply,
i dont have experience to my name as of now,
And i don't have any plans or road maps in my mind,
what i am felt after reading the os book is understanding the theory part isn't a big deal,i am much more interested in enrolling myself in some sort of LINUX/GNU programming course which covers from the basic of os development to kernel and driver development modules,
which i believe is the most essential part,because what ever the OS it is,as a exploiter we just need to jump from user mode to kernel mode,that would be our aim,

And people are saying you need to understand compilers,assembly language etc,i am not sure in which order i should learn it

What i am feeling now is i am looking for some non-programming related articles for understanding the very very basics of the reverse engineering,example like the one available in this forum.(just to create some interest myself)

when comes to finding ,coding and  exploiting the local exploits which is the most preferred language being used ? i know there is python,c and others,i don't know which would be best for the novice like me.

Thanks for the resources 

And i am much more interested in learning exploitation for windows and linux.

If you have the same interest as of me,why can't we learn together ?
i would be happy to have some person with same interest as of me,
if you are interested send me a pm.


And  do you have any road map like resources for "how to become an reverse engg",that would help me a lot 

hi guys,
I got some doubts running in my mind ,so as usual  i decided to post here.

I just finished my ccna,i had a tought when i am doing my ccna,
There are lots of local exploits being published  for operating systems like linux and windows throught the year.

i)But the amount of bugs(local exploitation bugs such as an bof,stack offerflow,race condition bla bla) i had seen for the cisco ios is very rare,it is just an proprietary operating system
why there isn't many such  bugs for cisco ios ?

ii) i dont know what kind of security features make it special,as far as i have searched i had seen some presentations by fx phenoelit other than that i couldn't find any promising materials regarding that ,for me it looks like an area which wasn't explored much(just my personal view,correct me if i am wrong),why is this ?

iii)is there any materials for understanding the internal ios implementations and things ?


Next question  is about how to structure my learning towards local exploitation?

here are the things i had done till now
i)studied operating systems concepts book by "operating system concepts silberschatz" till chapter 14(at least 3 times,so i feel i am ok with the os theory part)
ii)i feel i had good basic understanding about networks,i had completed ccna and rhce training.
iii)regarding coding i am just a novice,i just know what are things and for what it is used(just having some theoretical knowledge)
iv)have basic understanding of web-application technologies and attcks


1)i want some advice from you guys (just another guy asking this 1000th time)how can i continue from here to become good  in writing local exploits and reverse engg?

2)what are the things i should start from here like learning processor,assembly,h/w etc.,i don't know in which order i should begin,hope some one will clarify me..

well my training faculty also said me that time management is the key,as you said i am focusing more on understanding the internal working,but as a beginner what i am feeling is while i am in the training i remember the commands i used in the class and after some time say i finished the class and went to my home and relaxed myself and when i  turn on my computer and boot in to linux,
i couldn't remember some of the options in the command.

for example i learned the ls command,
i know the functionality of the ls command,but when i look  all the attributes used along with the command,it is making me confused and i am feeling a bit tough to remember those attributes

I would like to know when you learned these things,how you coped with those attrributes stuff and all ?

what had you done to remember those command attributes?





how much it costs ? also instead of paying isn't it a good idea to configure those things inside vmware or some thing ?(just to save money )
 just asking a suggestion from you

[/code]

Hi guys as the title saying ,i am preparing for RHCE exams,
As far as now i am learning it from a academy,watching cbts and reading the prescribed book for RHCE.

as far as now i have learned the few  basic modules in there,I am looking for some resources,links or any thing related to RHCE for evaluating myself.

also any one got some useful advice for me ?

I got reading some stuff as usual i ended up with some doubts ,so i decided to ask here,

I am sure most of the guys here knows about xsssqli

Similar to this is it possible to inject xss code through an sql injection?

While thinking about this it has raised some questions in my mind

1)say a web site is vulnerable to sql injection,
is it possible to inject xss code in to the sql vulnerable part and make it vulnerable to xss ?

2)Also can we Introduce All the threee types of xss like persistent,non-persistent and DOM based with this ?

3)In general Assume if a web-application is vulnerable to sqli and xss means ,what are the other possible attacks
we can introduce with those vulnerabilities (like CSRF etc)?

4)And if you like please say a few words about xss as a SERVER SIDE THREAT ,so that i can understand about it as a server side threat,because some of the ppl around me just thinks it as a client side vulnerability that can just damage to client side..

Bear with me

I have been digging with xss in the recent times(i just know the very basics of it),
as usual i had ended up with some questions so tought of asking here

the following are the xss bugs discovered by a pen tester in google before a few months(but now these bugs are fixed)





1)i just got  wondered with these bugs,i know bugs were common and exists every where,
i heard googles application are pretty secured and i am assuming they are developed by secure programmers,
how it is vulnerable to such

simple attacks ? I wonder how they missed to filter such a simple form of xss ,especially the 2nd one?

2)Also i would like to know does google rewards people for a non-persistent xss ?


3)Assume we are trying to penetrate  a web-application for xss injection,and say our xss injectio queries are not working,
how can we determine that it is blocked by the apache or some kind of server or WAF  or it is blocked by the application it self ?

4)And i am beginner,i would like to ask you guys that
do you consider non-persistent xss as a threat ?

5)And i had seen some web-sites having their search bars vulnerable to non-persistent xss,
is there a way to read or write server files through such non-persistent bugs ?

6)does non - persistent xss bug is limited only to client side ?

7)is it possible to inject sql queries in to the server  with non-persistent xss?

8)assume your self as a attacker,
how  would you try to exploit  the non-persistent xss in the web-site?

As the topic says,i had some issues with setting up a reverse php shell

i downloaded this php-reverse shell


And i modified this part



with my ip address  and port 135(that is the only open port i found in my pc during port scan )
i am using xp-sp2 for this purpose.


and i saved the file, and uploaded to the web-host .

and i opened the php-reverse shell in my browser and after that i opened  netcat and typed the following command as mentioned in the tutorial



But i am getting like this


i dont know what went wrong,also i am having dynamic ip,i dont like to set-up the whole thing each and every time,


here are my questions :
1)what is the problem in my set-up
2)and what should i do in order to avoid the uploading and changing the configuration of  php-reverse shell each time?
3)Also does php function restrictions and safe mode if set to ON will have impact on the reverse shell set-up?

4)Or from your experience please suggest me a best way/tutorial to get a reverse shell from the target.
because i would like to play with kernel exploits,execute os commands and other funny things.


hope i will find some help here..



EDIT:

i had successfully resolved the port problem
and but still i couldnt get a sucessfull back connection
may it is happening due to php function restrictions ?

Thanks maxe,It seems unless a attacker finds a critical bug,these configuration exposure should not pose much risk to the particular target,but what i am thinking was,if one of the web-site hosted on a target server has the configuration leak and another site in the shared server has the bug through which an attacker can obtain shell,then this issue will become HOT...


I also asked these same question in some other boards and what people said me "sql wont completely die like the other breed of attacks as we are going not going to abolish the use of database in next generation" and regarding xss they said "xss has not been seen as a  very serious threat by the web-browser developers,so in the future this kind of attack may be reduced,but it wont die like the other attacks"

And yeah i am still following all of your advices ,that is why lot of questions are popping up in my head daily


And i am not sure about the development field,but i would definitely like to ask you this,
secure programmers vs traditional programmers
even tough programmers from both the sides are knowledgable
 who are developing the most  vendor specific web-applications that we are using today ?

And thanks for answering me maxe ,I got lot more to ask you