LinkBack URL
About LinkBacksFound this image in the Junkyard. Check it out. Has all sorts of MySQL and header data in the $_GET value, lol. You could set this to be anything. I'm wondering if blobheadervalue2 takes external URLs. Or what custom headers could be sent to do something worthwhile.
I tried changing blobtable to MungoBlobs; DROP TABLE MungoBlobs, but to no avail. You guys can prolly find something if you tried. It's freakishly late, so I don't have time to think, so good luck. Figured I'd share this, as I found it hilarious considering it's on a government website.
http://images.military.com/cs/Satell...&ssbinary=true
images.military.com/cs/Satellite
?blobcol=urldata
&blobheadername1=Content-Type
&blobheadername2=Content-Disposition
&blobheadervalue1=image/jpeg
&blobheadervalue2=inline;filename%3DSmartWeapon_11 1109.jpg
&blobkey=id
&blobnocache=false
&blobtable=MungoBlobs
&blobwhere=1209982875284
&ssbinary=true
Results 1 to 12 of 12
Thread: Military.com URL injection
- 22 Nov. 2009 08:43am #1
Military.com URL injection
- 22 Nov. 2009 03:33pm #2
Wait I don't get what your saying.
Did you take that picture or something.
- 22 Nov. 2009 08:19pm #3
No. It's from the military official website. But the URL to the picture allows you to modify a lot of the server-side variables, which is stupid and exploitable. If you aren't familiar with server-side variables, don't worry about it.
- 23 Nov. 2009 01:00am #4Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 200.00
blobkey looks the most exploitable, if it is what I think it is you should be able to put your inject right there with ease.
Originally Posted by GAMEchief 
Originally Posted by La Vie Cruelle
- 23 Nov. 2009 01:02am #5
Seems a bit risky but I've been messing around with it. You can get it to give you a bit of info but none of it is to use.
Most likely the person above and below me is a weaboo.
Oh yeah and I program so if need anything just request it and I might get around to it.
- 23 Nov. 2009 03:05am #6 I was thinking blobtable, but yes, blobkey would be great at sniffing information. Especially if you changed Content-Type to text/html. Originally Posted by Chris
I'm having no luck without seeing how the information is parsed, though. It just keeps giving me server errors. >=[Last edited by GAMEchief; 23 Nov. 2009 at 04:51am.
- 23 Nov. 2009 03:44am #7
Oh shit. I thought at first you were trying to hack the Military... I was like you are a dumb fuck... then I got that it just appears different to you. xD. Good job. xD
Originally Posted by La Vie Cruelle
- 23 Nov. 2009 04:54am #8 If one could get the SQL injection t Originally Posted by BooBearSH
rk, one could actually hack the military. But going as blindly as one must, it's pretty impossible to figure out where things are and what protection there is against it.
Like you're in a room - a huge room. And somewhere on the wall is a button that will give you access all military information in this specific database (which we don't know what all is in it). But you're blindfolded and the room is full of holes, pits, and non-vital traps. It could take forever, and is virtually impossible, but possible to find that button.
And it would be very possible, but it seems that have SQL injection protection against DROP TABLE (not surprising).
The question is merely how much protection do they have and how does one bypass it.
- 23 Nov. 2009 07:11am #9Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 200.00
I was thinking is it possible they have it set up to a set amount of possible inputs and you cannot properly inject because they are not one of those set possibilities? Originally Posted by GAMEchief If one could get the SQL injection trk, one could actually hack the military. But going as blindly as one must, it's pretty impossible to figure out where things are and what protection there is against it.
Like you're in a room - a huge room. And somewhere on the wall is a button that will give you access all military information in this specific database (which we don't know what all is in it). But you're blindfolded and the room is full of holes, pits, and non-vital traps. It could take forever, and is virtually impossible, but possible to find that button.
And it would be very possible, but it seems that have SQL injection protection against DROP TABLE (not surprising).
The question is merely how much protection do they have and how does one bypass it. Originally Posted by La Vie Cruelle
- 23 Nov. 2009 02:05pm #10
Possibly, but if that were the case, I'd imagine they'd just use numerical IDs instead of text references.
- 23 Nov. 2009 07:26pm #11Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 200.00
Yeah that's why I was arguing with myself about that Originally Posted by GAMEchief 
It just trips me out to think there would be that large of a vulnerability, for images. Originally Posted by La Vie Cruelle
- 05 Jan. 2010 04:09pm #12
wow thats pretty smart GameChief good find
Reply With Quote
