Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

A SQL Injection in ZKSecurityBio to RCE- 958

Silton Santos, posted 3 years ago
  • While fuzzing a web application, the authors of the post noticed something weird. When putting one single quote (') in a field for time, a 400 error occurred. However, when putting two single quotes ('') into the field, the request returned a valid response!
  • This behaviour indicated a SQL injection vulnerability. While trying to exploit it, they kept getting 403s from the proxy.
  • Instead of attacking the live production server for the client, they installed a clean version of the software. While crafting the payload they could see error messaging on the running application, which made exploit development much easier.
  • To bypass the filtering, they simply sprinkled /**/ comments into the attack query. Can we take this further?
  • The authors noticed that the Postgres user the application ran as was root. Additionally, stacked queries were enabled, which made exploitation much easier: by using stacked queries to call the COPY command (a known technique), they were able to run shell commands.
  • Overall, good find! I do find it strange this started from a pentest... it's cool they found the bugs but it seems like a weird use of time.