April 21, 2008

Cool sql-injection case

People around me may have seen this before, but not everyone has, so I'm publishing it here again. It shows how simple tricks can be effective in unexpected situations. The simple scenario you see below later opened my way to the core internal network during a pen-test back in 2005.



The lesson you may learn from it: look EVERYWHERE for EVERYTHING, not just for expected behaviors in expected situations. If you take the second approach, you're not acting creatively, and you lose many possible opportunities. Finding easy-to-exploit vulnerabilities is getting harder and harder these days.
