I just watch the video for that...
http://www.milw0rm.com/#
Is it showing how to get into someone else computers if they have a website?
I get that.. what he did was something like this... He made a Username and pass or something and just logged in using Remote Desktop...
So If i am right? He is now into the other person computers.. where he can do what ever he wanted? can the other person see if your doing something on their monitor?
www.milw0rm.com--Rooting SQL Server via SQL Injection??
- Losing_grip
- Fame ! Where are the chicks?!
- Posts: 485
- Joined: 22 Apr 2007, 16:00
- 17
- Location: Behind Socks5
Re: www.milw0rm.com--Rooting SQL Server via SQL Injection??
this is a sql injection exploit it just adds an admin userseneye wrote:I just watch the video for that...
http://www.milw0rm.com/#
Is it showing how to get into someone else computers if they have a website?
I get that.. what he did was something like this... He made a Username and pass or something and just logged in using Remote Desktop...
So If i am right? He is now into the other person computers.. where he can do what ever he wanted? can the other person see if your doing something on their monitor?
to the box if its running on widows then you can login through remote desktop and no i dont think they can see what your doing i think it lock's them out
well thats what i normally does with remote desktop
and actual its 4 clicks then "access granted" but i dont think
you will find any exploitable boxes they will all be patched
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Re: www.milw0rm.com--Rooting SQL Server via SQL Injection??
I guess if they are running there own web server and are not hosting it some where else. In that case if you can get root on the website you can continue escalating your privelages until you get admin or root on the webserver. From there you could hack into other computer on the network. You would have to deal with hardware firewalls, software firewalls, IDS,...and so on.seneye wrote:Is it showing how to get into someone else computers if they have a website?
We will either find a way, or make one.
- Hannibal
- Hannibal
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
the default setting for MySQL servers is to bind to localhost (127.0.0.1), so you can't connect to it from the outside anyway (port 3306 shows up as open, but there is no use for a potential attacker because MySQL only accepts connections from 127.0.0.1).
so the opportunities to "root" a MySQL server should be really rare and only possible because of catastrophic misconfiguration. if the server admin is halfway skilled he will also take actions to block sql injection attempts...
so the opportunities to "root" a MySQL server should be really rare and only possible because of catastrophic misconfiguration. if the server admin is halfway skilled he will also take actions to block sql injection attempts...