FatCat V2 – Automatic Web [S]QL-Injector

Sandeep Kamble AKA [S]
Parason INC

Blog: http://sandeepkamble.com
Twitter: @SandeepL337
# /usr/bin/whoami
•Narcissistic Vulnerability Pimp (aka Security Researcher for fun)

•Listed on the Google, Facebook, Twitter, Dropbox, Cloudflare, 500px, Lynda.com and Central Desktop security pages.

•Ahhh? What are those vulnerabilities?

•Member of Garage4hackers.com; you can find the POCs @G4h.
Index

    •Introducing FatCat Beta 2
    •SQL Injection in Brief
    •FatCat Ingredients
         1) DB information & server information gathering.
         2) Normal SQL injection.
         3) Error-based SQL injection.
         4) WAF (Web Application Firewall) bypass functions.
             •C-style MySQL comment WAF bypass
             •Buffer overflow WAF bypass
             •CRLF WAF bypass
             •Bypass with information_schema.statics
             •Bypass with information_schema.key_column_usage
         5) Countermeasures
         6) Demo
Provide Good Advice for Good People
     Warning!: FatCat is used for security research. All PHP files will be infected and all your data will be collected. If you want to be safe, don't use this tool. If you do use it, don't send sensitive information. If after all that you still continue, do it at your own risk.
Ladies and gentlemen, introducing FatCat V2
  1) It's new, it's cool to use: inject the web!
  2) Normal SQL injection
  3) Error-based SQL injection
  4) WAF (Web Application Firewall) bypass functions.
  5) Helpful to pentesters: you can create a POC from anywhere.
  6) It supports MySQL 5.0
  7) Developed in PHP
  8) FatCat has 3400+ downloads on Code.google.com
SQL injection in Brief
    It's me .. Hi, :/
            "SQL Injection happens when a user manipulates input to form a SQL query."

            Sending payload !@#$%^&*()
FatCat Ingredients
 1) DB information & server information gathering.
 2) Normal SQL injection.
 3) Error-based SQL injection.
 4) WAF (Web Application Firewall) bypass functions.
FatCat Ingredients
1) DB information & server information gathering.
      Using MySQL statements, DB & server information can be gathered:
  1. Finding total column count
      • ORDER BY n+1
  2. Finding MySQL version
      • VERSION() function
  3. Finding current user
      • USER() function
  4. Finding data directory
      • @@datadir system variable
  5. Finding base directory
      • @@basedir system variable
  6. Finding host name
      • @@hostname system variable
  7. Finding operating system
      • @@version_compile_os system variable
  8. Finding current database name
      • DATABASE() function
  9. Max allowed packet size
      • @@max_allowed_packet system variable
FatCat Ingredients
2) Normal SQL injection
   •Also known as UNION-based SQL injection
   •UNION lets us combine the result sets of two SELECT statements
   •Eg: Id=-2+Union+select+13371,13372,13373,13374-- -
FatCat Ingredients
3) Error-based SQL injection
    •Also known as double-query SQL injection
    •Sometimes UNION-based SQLi fails; then error-based SQLi can be used
    •A query that confuses the DB engine and produces helpful MySQL errors
    •Eg: select gmailid,(select password from id where id=9) As Google_India from id;

                Aww..! Double Query

            duplicate entry '~‘Clubhack_screte'~1' for key 1

            Sending payload !@#$W00T%^&*()
            FatCat web interface
FatCat Ingredients
4) WAF (Web Application Firewall) bypass?
FatCat Ingredients

   1. Protection against the OWASP Top Ten!
   2. Types of vulnerabilities it can prevent.
   3. Brute force protection.

In simple language, it monitors the HTTP conversation.
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

      •We use the following methods to bypass a WAF:
          •C-style MySQL comment WAF bypass
          •Buffer overflow WAF bypass
          •CRLF WAF bypass
          •Bypass with information_schema.statics
          •Bypass with information_schema.key_column_usage

     •Linux-based WAFs
          •AppArmor
          •ModSecurity - also works under Mac OS X, Solaris and other versions of Unix.
          •Systrace
          •Zorp
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

      1. MySQL comment WAF bypass
          •Syntax: /*! MySQL statements */
          •Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass
   2. Buffer overflow WAF bypass
       •Syntax: ' AAAAAAAAAAAAAAAAAAAAAAAAAAAA MySQL statement
       •Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   3. CRLF WAF bypass
       •Syntax: %0A%0D+MySQL statements+%0A%0
       •Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   4. Bypass with information_schema.key_column_usage
       •Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   5. Bypass with information_schema.statics
       •Example:
Countermeasures for SQLI
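The countermeasures slide has no body in this transcript. As an added example (not FatCat's code and not from the deck), the following Python shows the fix the slide refers to: the concatenated lookup that the deck's UNION payload rewrites, next to a parameterized lookup and an allow-listed one that neutralize it. It assumes an in-memory SQLite database as a stand-in for MySQL (placeholder binding works the same way with MySQL prepared statements or PHP PDO); the table, columns and rows are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the MySQL backend the slides target.

    Table and column names are assumptions for this example, not a real schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)"
    )
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?, ?)",
        [(1, "Hello", "first post", "admin"), (2, "Update", "second post", "editor")],
    )
    return conn


# The "normal" (UNION) payload from the slides, decoded from its URL form.
# Four marker values because the vulnerable SELECT below returns four columns.
UNION_PAYLOAD = "-2 UNION SELECT 13371,13372,13373,13374-- -"


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    """The broken pattern: user input pasted straight into the SQL text.

    A negative id matches nothing, so the appended SELECT's marker values come
    back in place of article data, which is exactly what the tool looks for.
    """
    sql = "SELECT id, title, body, author FROM news WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, raw_id) -> list:
    """Placeholder binding: statement text is fixed, the value travels separately.

    The database compares the whole payload string as a value against id, so it
    can never become SQL syntax; the result is simply an empty list.
    """
    return conn.execute(
        "SELECT id, title, body, author FROM news WHERE id=?", (raw_id,)
    ).fetchall()


def lookup_validated(conn: sqlite3.Connection, raw_id: str) -> list:
    """Defense in depth: allow-list the input shape, then still bind it.

    An article id must be a non-negative integer, so anything else is rejected
    before the database sees it (and it also fails fast for honest typos).
    """
    if not raw_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return lookup_parameterized(conn, int(raw_id))


def union_marker_leaked(rows: list) -> bool:
    """True when the attacker's marker value came back in the id column."""
    return any(row[0] == 13371 for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, UNION_PAYLOAD))
    print("parameterized:", lookup_parameterized(db, UNION_PAYLOAD))
    try:
        lookup_validated(db, UNION_PAYLOAD)
    except ValueError as exc:
        print("validated    : rejected ->", exc)
```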
Let's inject with FatCat
Any questions?

     A gentleman never asks.
     A lady never tells.
Thank you!
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 

Fatcat Automatic Web SQL Injector by Sandeep Kamble

1. FatCat V2 – Automatic Web [S]QL-Injector
Sandeep Kamble AKA [S], Parason INC
Blog: http://sandeepkamble.com
Twitter: @SandeepL337

2. # /usr/bin/whoami
•Narcissistic Vulnerability Pimp (aka Security Researcher for fun)
•Listed on the Google, Facebook, Twitter, Dropbox, CloudFlare, 500px, Lynda.com and Central Desktop security pages.
•Ahhh? What are those vulnerabilities?
•Member of Garage4hackers.com; you can find the POCs at G4h.

3. Index
•Introducing FatCat Beta 2
•SQL Injection in Brief
•FatCat Ingredients
  1) DB information & server information gathering.
  2) Normal SQL injection.
  3) Error-based SQL injection.
  4) WAF (Web Application Firewall) bypass functions.
     •C-style MySQL comment WAF bypass
     •Buffer overflow WAF bypass
     •CRLF WAF bypass
     •Bypass with information_schema.statistics
     •Bypass with information_schema.key_column_usage
  5) Countermeasures
  6) Demo

4. Provide Good Advice for Good People
Warning!: FatCat is being used for security research. All PHP files will be infected and all your data will be collected. If you want to be safe, don't use this tool. If you do that, don't send sensitive information. If after all that you continue, do it at your own risk.

5. Ladies and gentlemen, introducing FatCat V2
1) It's new, it's cool to use, inject web!
2) Normal SQL injection
3) Error-based SQL injection
4) WAF (Web application firewall) bypass function.
5) Helpful to pentesters: you can create a POC from anywhere.
6) It supports MySQL 5.0
7) Developed in PHP
8) FatCat has 3400+ downloads on code.google.com

6. SQL injection in Brief
It's me .. Hi, :/
"SQL injection happens when a user manipulates input so that it forms part of a SQL query."
Sending payload !@#$%^&*()

7. FatCat Ingredients
1) DB information & server information gathering.
2) Normal SQL injection.
3) Error-based SQL injection.
4) WAF (Web Application Firewall) bypass functions.

8. FatCat Ingredients
1) DB information & server information gathering.
Using MySQL statements, DB and server information can be gathered:
1. Finding the total column count: ORDER BY n+1;
2. Finding the MySQL version: VERSION() function
3. Finding the current user: USER() function
4. Finding the data directory: @@datadir variable
5. Finding the base directory: @@basedir variable
6. Finding the host name: @@hostname variable
7. Finding the operating system: @@version_compile_os variable
8. Finding the current database name: DATABASE() function
9. Max allowed packet size: @@max_allowed_packet variable

9. FatCat Ingredients
1) Normal SQL injection
•It is also known as union-based SQL injection.
•UNION combines the result sets of two SELECT statements.
•Eg: Id=-2+Union+select+13371,13372,13373,13374-- -

10. FatCat Ingredients
2) Error-based SQL injection
•It is also known as double-query SQL injection.
•Sometimes union-based SQLi fails; then you can use error-based SQLi.
•A query which confuses the DB engine and produces helpful MySQL errors.
•Eg: select gmailid,(select password from id where id=9) As Google_India from id;
Aww .. ! Double Query duplicate entry '~‘Clubhack_screte'~1' for key 1
Sending payload !@#$W00T%^&*()
FatCat web interface
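The union-based case from slides 9 and 10, as an added example that is not FatCat's code and not from the deck: the string-built query that makes injection possible, beside its parameterized form. It runs on an in-memory SQLite database with constructed sample tables (article, account) standing in for MySQL; the UNION mechanics are the same. The payload carries three values because the vulnerable query selects three columns, which is what the ORDER BY n+1 probe on slide 8 is used to discover. The parameterized version binds the same string as a literal and returns nothing. Error-based (double-query) injection is not reproduced here because it depends on MySQL-specific error messages, but it fails against the parameterized form for the same reason: the input never becomes SQL syntax.

```python
"""Union-based SQL injection: string-built query beside its parameterized form.

Added example, not FatCat's code. Uses an in-memory SQLite database with
constructed sample data in place of MySQL; the UNION mechanics are the same.
"""
import re
import sqlite3

# Constructed payloads in the shape the slides show (three values, because
# the vulnerable query selects three columns).
MARKER_PAYLOAD = "-2 UNION SELECT 13371, 13372, 13373-- -"
CROSS_TABLE_PAYLOAD = "-2 UNION SELECT id, email, pw_hash FROM account-- -"


def build_db() -> sqlite3.Connection:
    """Constructed schema: a public articles table and a private accounts table."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO article VALUES (1, 'Hello', 'first post');
        INSERT INTO article VALUES (2, 'World', 'second post');
        CREATE TABLE account (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        INSERT INTO account VALUES (9, 'alice@example.test', 'hash-placeholder');
        """
    )
    return con


def fetch_article_vulnerable(con, article_id: str) -> list:
    """The injectable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT id, title, body FROM article WHERE id = " + article_id
    return con.execute(sql).fetchall()


def fetch_article_safe(con, article_id) -> list:
    """Hardened: the value is bound as a literal and never parsed as SQL."""
    sql = "SELECT id, title, body FROM article WHERE id = ?"
    return con.execute(sql, (article_id,)).fetchall()


def fetch_article_validated(con, article_id: str) -> list:
    """Defense in depth: allow-list the shape of the input, then bind it."""
    if not re.fullmatch(r"[0-9]+", article_id):
        raise ValueError("article id must be a non-negative integer")
    return fetch_article_safe(con, int(article_id))


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, marker payload :", fetch_article_vulnerable(db, MARKER_PAYLOAD))
    print("vulnerable, cross-table    :", fetch_article_vulnerable(db, CROSS_TABLE_PAYLOAD))
    print("parameterized, same payload:", fetch_article_safe(db, MARKER_PAYLOAD))
```

With the marker payload the vulnerable function returns the attacker-chosen row (13371, 13372, 13373) instead of an article; with the cross-table payload it returns a row from the account table, which is the confidentiality impact the deck is about. The parameterized function returns an empty list for both, and the validated wrapper rejects them before any query is built.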
11. FatCat Ingredients
3) WAF (Web application Firewall) Bypass?

12. FatCat Ingredients
1. Protection against the OWASP Top Ten.
2. Types of vulnerabilities it can prevent.
3. Brute-force protection.
In simple language, it monitors the HTTP conversation.

13. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
•We use the following methods to bypass a WAF:
  •C-style MySQL comment WAF bypass
  •Buffer overflow WAF bypass
  •CRLF WAF bypass
  •Bypass with information_schema.statistics
  •Bypass with information_schema.key_column_usage
•Linux-based WAFs:
  •AppArmor
  •ModSecurity - also works under Mac OS X, Solaris and other versions of Unix.
  •Systrace
  •Zorp

14. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. MySQL comment WAF bypass
•Syntax: /*! MySQL statements */
•Example:

15. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. Buffer overflow WAF bypass
•Syntax: ' AAAAAAAAAAAAAAAAAAAAAAAAAAAA MySQL statement
•Example:

16. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. CRLF WAF bypass
•Syntax: %0A%0D+MySQL statements+%0A%0
•Example:

17. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. Bypass with information_schema.key_column_usage
•Example:

18. FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. Bypass with information_schema.statistics
•Example:
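The evasion forms on slides 13 to 18, seen from the detection side. This is an added example, not FatCat's code and not a ModSecurity rule set. naive_filter models a filter that matches "union select" literally on the raw value and only inspects the first 64 bytes (a constructed limit standing in for the inspection-buffer cap that the padding bypass relies on, and for a block-list that names only information_schema.tables and .columns). normalize is the canonicalisation step that restores detection: URL decoding, expanding /*! */ version comments to the text MySQL would execute, and collapsing CR/LF into ordinary whitespace. The sample query strings are constructed to mirror the syntaxes on the slides; the information_schema table names are the two the deck lists.

```python
"""Canonicalise a request parameter before matching SQL-injection signatures.

Added example (not FatCat code, not ModSecurity rules). naive_filter()
models a filter that the evasions on slides 13-18 get past; analyse()
normalises the value first and reports which evasion forms it saw.
"""
import re
from urllib.parse import unquote_plus

# Constructed: number of bytes the naive filter inspects, standing in for
# the inspection-buffer cap that the "buffer overflow" padding bypass abuses.
INSPECT_LIMIT = 64

NAIVE_UNION = re.compile(r"\bunion\s+select\b", re.I)
NAIVE_SCHEMA = re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)

# /*!UNION*/ or /*!50000UNION*/ : MySQL executes the inner text.
VERSION_COMMENT = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Signatures applied to the normalised (decoded, lower-cased) value.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b.*?\bselect\b"),
    "information_schema_ref": re.compile(r"\binformation_schema\.\w+"),
    "server_variable": re.compile(r"@@\w+"),
    "long_padding": re.compile(r"(.)\1{19,}"),  # 20+ repeats of one character
}

# Constructed query strings in the shapes the slides describe.
SAMPLES = {
    "benign": "id=42",
    "plain_union": "id=-2 UNION SELECT 13371,13372,13373-- -",
    "c_style_comment": "id=-2 /*!UNION*/ /*!SELECT*/ 13371,13372,13373-- -",
    "crlf": "id=-2%0A%0DUNION%0A%0DSELECT%0A%0D13371,13372,13373-- -",
    "padding": "id=1' " + "A" * 80 + " UNION SELECT 13371,13372,13373-- -",
    "statistics_table": "id=-2 /*!UNION*/ SELECT table_name,2,3 FROM information_schema.statistics-- -",
    "server_vars": "id=-2 UNION SELECT @@version_compile_os,@@datadir,user()-- -",
}


def naive_filter(raw: str) -> bool:
    """Literal keyword match on the raw value within a limited window; True means blocked."""
    window = raw[:INSPECT_LIMIT]
    return bool(NAIVE_UNION.search(window) or NAIVE_SCHEMA.search(window))


def url_decode(raw: str) -> str:
    """Undo single or double URL encoding ('+' is a space in query strings)."""
    value = raw
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def normalize(raw: str) -> str:
    """Reduce the parameter to the form the database engine would actually see."""
    value = url_decode(raw)
    value = VERSION_COMMENT.sub(r" \1 ", value)   # keep what MySQL would run
    value = PLAIN_COMMENT.sub(" ", value)         # ordinary comments vanish
    value = re.sub(r"\s+", " ", value)            # CR, LF, tabs -> one space
    return value.strip().lower()


def analyse(raw: str) -> dict:
    """Compare the naive verdict with signatures run on the normalised value."""
    decoded = url_decode(raw)
    norm = normalize(raw)
    found = {}
    for name, pattern in INDICATORS.items():
        match = pattern.search(norm)
        if match:
            found[name] = match.group(0)
    if "/*!" in decoded:
        found["mysql_version_comment"] = "/*!"
    if "\r" in decoded or "\n" in decoded:
        found["crlf_in_parameter"] = "CR/LF"
    return {"naive_blocked": naive_filter(raw), "normalized": norm, "indicators": found}


def report() -> dict:
    """Run every constructed sample through analyse()."""
    return {name: analyse(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:18} naive_blocked={result['naive_blocked']!s:5} "
              f"indicators={sorted(result['indicators'])}")
```

Only the plain form and the @@variable form trip the naive filter; the comment, CRLF, padding and information_schema.statistics forms all pass it, while after normalisation every one of them carries a union_select indicator plus the marker of the evasion used. The practical lesson is the ordering: decode and canonicalise first, then match, and treat long single-character runs or CR/LF inside a numeric parameter as anomalies in their own right.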
21. Any Questions?
A gentleman never asks. A lady never tells.