akkelaro Posted March 2, 2012 Report Posted March 2, 2012 Salutare sunt nou pe aici o intrebare havij este detectabil adica poti fi prins daca il folosesti? Quote
ripoff Posted March 2, 2012 Report Posted March 2, 2012 Programul in sine lasa multe loguri ,cum scapi de ele sau cum iti ascunzi ipul e alta poveste.Si DA poti fi prins daca esti prost ,sunt cateva cazuri si aici pe forum Quote
akkelaro Posted March 2, 2012 Author Report Posted March 2, 2012 Deci ar fi recomandat sa nu fie folosit mai bine un sql injection manual? Quote
malsploit Posted March 2, 2012 Report Posted March 2, 2012 Pune mana si invata sa folosesti sqlmap.Are suport pentru proxy, si este net superior havij.Pentru chestii elementare( aflare db,coloane,tabeluri) este extrem de usor de folosit.Nu-mi fac reclama la blog, dar am scris un tutorial pentru incepatori in limba romana: Security-leaks: Cum sa folosesti Sqlmap Quote
pyth0n3 Posted March 2, 2012 Report Posted March 2, 2012 (edited) Sixth 2012 "penal" awardOff:Daca isp-urile din romania ma angajeaza ca administrator si imi fac o propunere decenta, 90% de pe forum vin arestati de catre garda cu tot cu proxy-urile pe care le folositi si cu tot cu sock-surile private .Garantez eficienta in serviciu.Va bat eu la usa la 7 dimineata si va dau ca premiu un manual de retelistica pe care il puteti rasfoi cu usurinta intre peretii din celula 18 a închisorii de la Jilava. Edited March 2, 2012 by pyth0n3 Quote
jojo123 Posted March 2, 2012 Report Posted March 2, 2012 (edited) Tu ce ai zice daca ai vedea asa ceva in loguri??IP.IP.IP.IP - - [02/Mar/2012:23:49:20 +0200] "GET /index.php?cat=0&area=1&news=999999.9+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 16 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij"IP.IP.IP.IP - - [02/Mar/2012:23:49:21 +0200] "GET /index.php?cat=0&area=1&news=999999.9+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 16 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij"IP.IP.IP.IP - - [02/Mar/2012:23:49:21 +0200] "GET /index.php?cat=0&area=1&news=999999.9+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 16 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij"IP.IP.IP.IP - - [02/Mar/2012:23:49:21 +0200] "GET /index.php?cat=0&area=1&news=999999.9+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 16 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij"IP.IP.IP.IP - - [02/Mar/2012:23:49:21 +0200] "GET /index.php?cat=0&area=1&news=999999.9+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 16 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij"//si manual tot cam asa se vede difera ..."viteza" Edited March 2, 2012 by jojo123 Quote
akkelaro Posted March 2, 2012 Author Report Posted March 2, 2012 Eu sunt incepator cu chestiile astea ce tine de securitate si de sql injection sau xss ... Quote
pyth0n3 Posted March 2, 2012 Report Posted March 2, 2012 Eu sunt incepator cu chestiile astea ce tine de securitate si de sql injection sau xss ...Nu ti-am dat premiu pentru ca esti incepator ci pentru faptul ca ai inceput. Quote
Ghett0 Posted March 3, 2012 Report Posted March 3, 2012 E ca fumatul... unii se uita la altii si cred ca e 'cool' Quote
totti93 Posted March 3, 2012 Report Posted March 3, 2012 Havij isi pune amprenta in User-Agent. Si in loc sa folosesti aceste cacaturi, mai bine inveti manual.Cateve intrebari pentru cei care fac SQLi-uri cu Havij si nu numai:1. Cati dintre voi cunoasteti structura limbajului SQL si diferentele dintre MySQL, MsSQL, PostgreSQL, etc. (astea sunt cele mai frecvente)?2. Cati dintre voi stiti ce se intampla is spatele injectiei pe care il face Havij?3. Cati dintre voi ati scris un exploit cand ati vazut ca Havij se caca pe el?4. Cati ati exploatat altfel o vulnerabilitate decat cu un simplu `<...> UNION SELECT col1,col2,... FROM tbl`? Quote
