
DVWA medium difficulty filter evasion question


jinwald12


Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Mon Jul 25, 2011 6:01 pm

DVWA medium difficulty filter evasion question

Hi, I am new to web app testing and am practicing with Damn Vulnerable Web App. I am focusing on SQL injection because that seems to be the most common attack vector these days. I was able to handle the easy difficulty setting no problem; now I set it to medium and it seems that now it tacks a \ to the end of the user input to filter out SQL injection. What is the best way to bypass such filters? I saw an article on this on http://ha.ckers.org/ but it did not make sense to me. Can someone help?
where did all the fun go?

MaXe


Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jul 26, 2011 11:55 am

Re: DVWA medium difficulty filter evasion question

There are numerous ways to bypass filters. Most of them are encoding, such as hexadecimal or Unicode entities (i.e. %XX or %u00XX).

Also, sometimes you can use double-byte characters, where two characters may not be filtered, such as '? (there's a special character like this; it only works with mysql_escape_string(), and there are also some tricks to bypass addslashes too. Google for them!  ;) )

So, these are pretty common; however, it also depends on the implementation of the "security". For example, a pseudo-query like this would be insecure: SELECT lolcats FROM hats WHERE (id=$USERINPUT);

This is because the attacker, even if ' and " have a backslash appended, can just end the parentheses and inject his own code like this: ) UNION SELECT 0x41414141 FROM blah and so forth.

There are a lot of tricks, and a good book to read, besides the numerous articles you can find on Google by searching for "encoding", "bypass", etc., is The Web Application Hacker's Handbook. It will probably help you a lot  ;)
I'm an InterN0T'er

manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Mon Aug 22, 2011 11:00 am

Re: DVWA medium difficulty filter evasion question

I found this for you:
  Code:
http://yehg.net/encoding/

I am not at all good at these, but I feel it would be handy for you :)

jinwald12


Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Fri Oct 07, 2011 1:23 am

Re: DVWA medium difficulty filter evasion question

I found an easier way: if it appends a
  Code:
 '
to the beginning, naturally make your input
  Code:
 1 UNION SELECT user, password FROM users --
so that it is executed as a query, because it automatically appends the open quote at the beginning. At least that works in this particular situation. Now the issue I am having with the hard setting is that it returns no error message even though it is not blind SQL injection, so I am guessing the SQL ORDER BY query is the way to go; maybe that will return an error. I will keep playing around with it. OWASP did a great job with this VM, a lot of fun stuff.
Last edited by jinwald12 on Mon Oct 10, 2011 5:46 pm, edited 1 time in total.
where did all the fun go?
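MaXe's pseudo-query and jinwald12's quote-free UNION payload come down to the same point: escaping quote characters does nothing when the injected value is never placed inside a quoted literal. The script below is an added example written for this thread, not code from the posts or from DVWA. The users table contents and the three query templates are constructed to mirror the shapes discussed (a quoted value, an unquoted numeric value, and MaXe's parenthesized form); since SQLite has no backslash escapes, the escaping filter is modelled with standard quote doubling instead of PHP's addslashes(), which makes no difference to the outcome.

```python
import sqlite3

# Constructed sample data standing in for a users table (not DVWA's real rows).
SAMPLE_USERS = [
    (1, "admin", "5f4dcc3b5aa765d61d8327deb882cf99", "Admin", "User"),
    (2, "gordonb", "e99a18c428cb38d5f260853678922e03", "Gordon", "Brown"),
]

# Three shapes the lookup query might take. A quote-escaping filter only
# protects the first one; in the other two the input sits outside any quotes.
QUOTED = "SELECT first_name, last_name FROM users WHERE user_id = '{}'"
UNQUOTED = "SELECT first_name, last_name FROM users WHERE user_id = {}"
PARENTHESIZED = "SELECT first_name, last_name FROM users WHERE (user_id = {})"

# Payloads: the quoted context needs a quote to break out (and the filter
# defuses it); the other two need no quote at all, so there is nothing to escape.
PAYLOAD_QUOTED = "1' UNION SELECT user, password FROM users --"
PAYLOAD_UNQUOTED = "1 UNION SELECT user, password FROM users --"
PAYLOAD_PARENTHESIZED = "1) UNION SELECT user, password FROM users --"


def make_db():
    """Fresh in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, user TEXT, password TEXT, "
        "first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def escape_quotes(value):
    """Model of a quote-escaping filter such as addslashes()/mysql_real_escape_string().
    SQLite uses '' rather than \\' to escape a quote, so the model doubles it;
    either way the escape only has meaning inside a quoted string literal."""
    return value.replace("'", "''")


def lookup_escaped(template, user_input):
    """The vulnerable pattern: escape quotes, then paste the input into the SQL text."""
    sql = template.format(escape_quotes(user_input))
    return make_db().execute(sql).fetchall()


def lookup_parameterized(user_input):
    """The fix: the input is bound as a value and can never become SQL syntax,
    regardless of which characters it contains."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return make_db().execute(sql, (user_input,)).fetchall()


def run_demo():
    """Exercise every template with a legitimate id and with the matching payload."""
    results = {
        "legit": {name: lookup_escaped(t, "1") for name, t in
                  (("quoted", QUOTED), ("unquoted", UNQUOTED), ("paren", PARENTHESIZED))},
        "quoted_attack": lookup_escaped(QUOTED, PAYLOAD_QUOTED),
        "unquoted_attack": lookup_escaped(UNQUOTED, PAYLOAD_UNQUOTED),
        "paren_attack": lookup_escaped(PARENTHESIZED, PAYLOAD_PARENTHESIZED),
        "parameterized_attack": lookup_parameterized(PAYLOAD_UNQUOTED),
        "parameterized_legit": lookup_parameterized("1"),
    }
    return results


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

The quoted template returns nothing for the attack because the escaped quote keeps the whole payload inside the string literal, while the unquoted and parenthesized templates return the legitimate row plus every user/password pair from the UNION. The parameterized version returns nothing for the same payload, since the driver binds it as a value that simply fails to match any user_id. That is the actual fix; rewriting the filter to catch more characters only moves the problem.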
