Hi all null byters!!:)
i scanned a website using nikto first and just got the information about the server etc,but didnt find any vulnerability.Then on the suggestion of one of the co-null byte friend,i scanned the website using vega.Vega showed me 5 high vulnerabilities of which 2 were that of-clear password over HTTP,and the other 3 being Sql injections,now just leaving Clear password over HTTP aside how can we exploit the SQL injections.I mean we need a proper SQL vunerable URL to use it through SQLMAP in kali,vega didn't show any specific URL or directory,now how can i get the required SQL vunerable URL or atleast how to exploit it in other ways and any information about-Clear passwords though HTTP is also welcome..
sry for the long post,
Thank you...
3 Responses
First, vulnerability scanners invariably have numerous false positives. Second, usually the vulnerability scanner with give you a CVE number. You can use it to search www.securityfocus.com or other vulnerability database for details and exploits.
Thanks a lot OTW sir,
Firstly,it seems like an inspiration to see you spending hour and hours writing How to's and answering almost all the even pretty newbie questions,help all the newbies and script kidders learn the security deeper and deeper.
Comming back to the topic sir,I didn't find any CVE no in the exploits and even tried googling it to see CVE no in VEGA exploits but i had not found any relevent information about it..
anyway,once again thank you sir..
Don't know about xss but if you find sql injection in request you'll find http://ur/?id=1,2,3 etc.. or any other paramteres just hack it using sqlmap :)
Share Your Thoughts