Topic: Some questions as usual ?
manoj9372
« on: February 03, 2012, 02:08:37 AM »

I got reading some stuff as usual and I ended up with some doubts, so I decided to ask here.

I am sure most of the guys here know about xsssqli.

Similar to this, is it possible to inject XSS code through an SQL injection?

While thinking about this, it has raised some questions in my mind:

1) Say a web site is vulnerable to SQL injection; is it possible to inject XSS code into the SQL-vulnerable part and make it vulnerable to XSS?

2) Also, can we introduce all three types of XSS (persistent, non-persistent and DOM-based) with this?

3) In general, assume a web application is vulnerable to SQLi and XSS; what are the other possible attacks we can introduce with those vulnerabilities (like CSRF etc.)?

4) And if you like, please say a few words about XSS as a SERVER SIDE THREAT, so that I can understand it as a server-side threat, because some of the people around me just think of it as a client-side vulnerability that can only do damage on the client side.

Bear with me :)

ajohnson
« Reply #1 on: February 03, 2012, 08:16:56 AM »

1) If you are able to execute insert/update statements. There obviously needs to be other flaws available as well (i.e. not encoding output), but this is certainly possible.

2) Think about various scenarios in which information from a database is dynamically used. Writing content and displaying a web page, sending marketing emails, generating links on the fly, etc. Magic Eight Ball says, "All signs point to yes"

3) In general, once you gain a foothold with any technology (web, wireless, systems, network, etc.), you can leverage it for other attacks. CSRF, LFI/RFI, command execution, and so on all become more likely once you identify a vulnerability.

4) http://blog.skeptikal.org/2010/04/apacheorg-hacked-atlassian-fail.html

WIP: OSCP | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
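
The two conditions named in point 1 of the reply above (request input reaching the SQL text, and database output written to the page without encoding), as an added example that is not part of the original thread, shown in Python with an in-memory SQLite table. The schema, function names and payload string are assumptions constructed for the illustration.

```python
import html
import sqlite3

# Constructed sample input: an id parameter carrying a UNION SELECT with markup.
PAYLOAD = "1 UNION SELECT 2, '<script>alert(1)</script>'"

def make_db():
    """In-memory stand-in for the application's database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Welcome')")
    return db

def render_vulnerable(db, article_id):
    # Flaw 1: the request value is concatenated into the SQL text.
    rows = db.execute(
        "SELECT id, title FROM articles WHERE id = " + article_id
    ).fetchall()
    # Flaw 2: database values are written into HTML without encoding.
    return "".join("<h1>%s</h1>" % title for _id, title in rows)

def render_hardened(db, article_id):
    # Fix 1: bound parameter, so the value is data and is never parsed as SQL.
    rows = db.execute(
        "SELECT id, title FROM articles WHERE id = ?", (article_id,)
    ).fetchall()
    # Fix 2: encode on output, which also covers markup already stored in the table.
    return "".join("<h1>%s</h1>" % html.escape(title) for _id, title in rows)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", render_vulnerable(db, PAYLOAD))
    print("hardened:  ", repr(render_hardened(db, PAYLOAD)))
    # A row that already holds markup, however it got there, is rendered inert.
    db.execute("INSERT INTO articles VALUES (3, ?)", ("<script>alert(1)</script>",))
    print("stored row:", render_hardened(db, "3"))
```

Either fix alone breaks this particular chain, but only output encoding protects against markup that is already in the database.
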
Seen
« Reply #2 on: February 04, 2012, 01:49:59 AM »

If you can get a SQL error message that displays your input, then you might be able to provide a script tag as input to do XSS.  However, this would require that the output isn't sanitized.  More importantly, error messages tend to have a fixed length, so how much XSS you can inject would be limited.

Sec+, eCPPT
nytfox
« Reply #3 on: February 15, 2012, 12:00:33 PM »

I'm not sure about xsssqli, but I do know that if the SQL injection is in an area that is restricted for a guest user, you can always use XSS and a bit of JavaScript to make an automated SQL injection script and so do the SQL injection through the admin.
Here is a video tutorial:
http://www.youtube.com/watch?v=2b0VD4_rg8Q

1. Yes, you can. If a page is vulnerable to SQL injection, you can perform an XSS with SQL injection. For example:

Code:
"http://victime.com/page.php?id=1 union select 1,0x3c7363726970743e616c65727428226e7974666f7822293c2f7363726970743e,3,4 --"

The code
Code:
0x3c7363726970743e616c65727428226e7974666f7822293c2f7363726970743e
is in hex. In plain text it is
Code:
"<script>alert("nytfox")</script>"

2. It depends on the app.

3. Yes, there is a possibility for that also, but this also depends on the application.

4. To my knowledge, you can't attack the server side with just XSS.

Unlike others I love NULLS
http://treasuresec.com
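
For reviewing web server logs for requests shaped like the one in the post above, an added example (not part of the original thread) that decodes `0x...` hex literals in a query string and flags those that turn into HTML markup. The function names, finding labels and the `shop.example` request are assumptions constructed for the illustration.

```python
import binascii
import re
from urllib.parse import unquote_plus, urlsplit

# MySQL-style hex string literal: 0x followed by at least four whole bytes.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2}){4,})\b")
# Anything that looks like an HTML tag once the literal is decoded.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S)

# The request from the post above, plus one constructed benign request.
SAMPLE_REQUESTS = [
    "http://victime.com/page.php?id=1 union select 1,"
    "0x3c7363726970743e616c65727428226e7974666f7822293c2f7363726970743e,3,4 --",
    "http://shop.example/item.php?id=42&color=0xff00ff",
]

def decode_hex_literals(text):
    """Return the text form of every 0x... literal found in `text`."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = binascii.unhexlify(match.group(1))
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded

def review_request(url):
    """Flag UNION SELECT and hex literals that decode to HTML markup."""
    query = unquote_plus(urlsplit(url).query)
    decoded = decode_hex_literals(query)
    findings = []
    if UNION_SELECT.search(query):
        findings.append("union-select")
    if any(MARKUP.search(value) for value in decoded):
        findings.append("hex-encoded-markup")
    return {"findings": findings, "decoded": decoded}

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(review_request(request))
```
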
MaXe
« Reply #4 on: February 15, 2012, 03:56:13 PM »

Quote from nytfox:
4. in to my knowledge you can't attack Server side with just XSS

Some notes about XSS:
- XSS requires a client of some sort, to execute the cross-site script that's being used to attack with.
- When XSS is reflected, it is not persistent and is therefore not stored server-side. When XSS is stored, it's persistent and is therefore stored server-side.
- In order to attack server-side with XSS, a client must be included to execute the malicious script that the attacker created.
- The actions that the XSS script performs can range from simple session hijacking, port scanning, etc., to CSRF attacks that abuse functionality of the website and, e.g., inject PHP code into the application via features like templates, plugins, or just the ability to edit files.

About the last note made:
http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/

So it's really the payload of the XSS attack that determines what is being attacked, besides the client executing it unwillingly :)

I'm an InterN0T'er