How many ways...

SirDice
I've posted HOW many
Posts: 4196
Joined: Mon May 15, 2006 9:59 am
Are you a Spammer: No
Location: Netherlands

How many ways...

Post #139401 by SirDice
Wed May 16, 2012 4:21 pm

Can I ask what his friend is doing?

http://forums.freebsd.org/showthread.php?p=177392


Oliver's Law:
Experience is something you don't get until just after you need it.

Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18896
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Re: How many ways...

Post #139402 by Egaladeist
Wed May 16, 2012 6:10 pm

Is this just an attempt to access his ' friends ' account?


Re: How many ways...

Post #139418 by SirDice
Mon May 21, 2012 11:16 am

I don't know. He keeps bitching and moaning that his "friend" can login on any MySQL database without using a username/password.

I'd like to see that.. As far as I know there are no known vulnerabilities that would give that kind of access.

So I'm thinking his mate is full of it...

DaFoxx
DaBOSS
Posts: 8704
Joined: Sun Dec 25, 2005 1:20 am
Are you a Spammer: No
Location: 3rd Rock from the Sun

Re: How many ways...

Post #139419 by DaFoxx
Mon May 21, 2012 12:41 pm

there 'used' to be several, old school stuff where the username / password combo 'just' had to be a logical argument

username = 1 + 1 = 2 ------- is a true / valid argument - pass
password = 2 + 2 = 4 -------- is also true / valid, and so you could access D/B

but I can't find details TBH, and I imagine this was the really early days, when security wasn't thought of much, if at all, because everyone back then was so honest :hysterical:

other, stack overflow and the like would need some idea of stack sizes, as you need to fill the stack exactly, by manipulating the data sent as authentication, allowing only your payload to be sent over the top as it were, but that isn't indicated here
Beware of Geeks bearing GIF's :shock:


Re: How many ways...

Post #139420 by SirDice
Mon May 21, 2012 1:57 pm

You're thinking of SQL injection, where you'd 'trick' a bad query to always return true.

As in entering " ' or 1=1;" as a username so the SQL becomes:

Code:

select * from user where username = '' or 1=1;

Not a problem with MySQL but with badly written web applications. No, or insufficient, user input checking :evil:
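Added example, not part of the original posts: the weak query construction described above next to a parameterized lookup, fed the same input quoted in the post. It assumes Python's built-in sqlite3 as a stand-in for MySQL; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory table with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user (username text, password text)")
    db.executemany(
        "insert into user values (?, ?)",
        [("alice", "constructed-pw-1"), ("o'brien", "constructed-pw-2")],
    )
    return db


def concat_query(username):
    """Weak form: the input becomes part of the SQL text itself."""
    return "select * from user where username = '" + username + "'"


def lookup_param(db, username):
    """Corrected form: the input is sent as a bound value, never parsed as SQL."""
    cur = db.execute("select username from user where username = ?", (username,))
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    db = make_db()
    tricky = "' or 1=1;"  # the input quoted in the post above

    # Concatenation: the input closes the string literal and the rest of it
    # lands in the WHERE clause as SQL, not as a username.
    print(concat_query(tricky))

    # Bound parameter: the same characters are compared as a plain string,
    # so no account matches.
    print(lookup_param(db, tricky))

    # A legitimate name containing a quote still works with a bound parameter,
    # so there is no need to reject or strip quotes from user input.
    print(lookup_param(db, "o'brien"))
```

The concatenated text ends in a stray quote left over from the application's template, which the simplified query in the post omits.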

Talen
What is RSI ......... REALLY
Posts: 391
Joined: Wed Mar 07, 2007 5:10 pm
Location: Northern California

Re: How many ways...

Post #139428 by Talen
Mon May 21, 2012 4:47 pm

Lazy Web developers should be taken out back and beaten.
"No single raindrop believes it is to blame for the flood."
