Time Based Blind SQL Injection I am not going to talk about Blind SQL injection since this is fully documented across different web sites; check the References section at the end of this blog. The reason I am writing this blog is for two main purposes: 1. Bug Hunting: To explain the process I followed to discover a "not-easy-to-find" vulnerability. 2. Exploit from scratch: To release a tool to extract data from the database via ..
SQL Error Base SQL Injection 1. NASA Full-Disclosure! AGAIN #Important Ok. First of all, I want to say I made this SQLi public (even though I didn’t want to do this), because I saw that somebody else found the vulnerable parameter. I found this SQLi 3 months ago… #Why I test websites? Because this is my hobby and I want to prove that even big websites, which should be very secure, can be hacked, and this is true and sad at..
Change in how user passwords are stored since MySQL 4.1 Error message: Client does not support authentication protocol requested by server; consider upgrading MySQL client mysql> SET PASSWORD FOR root@localhost = OLD_PASSWORD('비밀번호'); Query OK, 0 rows affected (0.02 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) ==== When a server running MySQL 4.0 or earlier fetches data from a server running MySQL 4.1 or later 1. Upgrade PHP 2. Update the DB * UPDATE mysql.user SET Password = OLD_PA..