SQL Injection »

[2 Feb 2009 | No Comment | ]

######
Info
######

Title : Full MSSQL Injection PWNage
Author : ZeQ3uL && JabAv0C
Team : CWH Underground [www.milw0rm.com/author/1456]
Website : cwh.citec.us / www.citec.us
Date : 2009-01-28

##########
Contents
##########

[0x00] - Introduction

[0x01] - Know the Basic of SQL injection

[0x01a] - Introduction to SQL Injection Attack
[0x01b] - How to Test sites that are Vulnerable in SQL Injection
[0x01c] - Bypass Authentication with SQL Injection
[0x01d] - Audit Log Evasion
[0x01e] - (Perl Script) SQL-Google searching vulnerable sites

[0x02] - MSSQL Normal SQL Injection Attack

[0x02a] - ODBC Error Message Attack with “HAVING” and “GROUP BY”
[0x02b] - ODBC Error …


Hacking papers »

[1 Feb 2009 | No Comment | ]

I was writing a paper on format string vulnerabilities, but while doing some additional research I’ve found the following paper which already explains it all, so I decided to stop writing about format string vulnerabilities and put a link to this paper here:
Here’s the paper: http://doc.bughunter.net/format-string/exploit-fs.html
Exploiting Format String Vulnerabilities
Written by : scut / team teso
* Introduction
* Comparison: Buffer Overflows and Format String Vulnerabilities
* Statistics: important format string vulnerabilities in 2000
* The format functions
* How does a format string vulnerability look like ?
* The format function family
* Use of format functions
* …


tutorials »

[1 Feb 2009 | No Comment | ]

Introduction
============
Information gathering on a target is a very important step in the process of evaluating the security of a remote host. This article will deal with many details you can get on a host starting from a simple domain name.
Note: This article will only deal with the information gathering part and won’t go into the process of evaluating the security of the host which I am using as an example here. Indeed I have chosen to use a real host so that this article is more meaningful. It means I …


tutorials »

[1 Feb 2009 | No Comment | ]

There are basically 2 methods you can use to get the IP of the person.
1. You need to make a direct connection with the person so you can get the IP of the . Here are the simple steps to follow:
First go to the command prompt and type in netstat -n. It will give you the IPs of all the people your computer is currently connected to under the foreign address, and the local address is you.
Just don’t try anything funny on that. Anyway, so you got a list of the …


Hacking papers »

[1 Feb 2009 | No Comment | ]

CRLF injection: CR (Carriage Return) and LF (Line Feed) are traditionally commands you may recognize from using typewriters and printers. Carriage Return would send the print head back to the start of the current line, whilst Line Feed moved the paper up one line. So, after completing one line of typing/printing both CR and LF commands would need to be issued to begin printing a new line. CR and/or LF are also used in computer systems for the same purpose and applications that use these commands but do not correctly sanitize …
