Jump to content

sql injection while cloudflare on

0o0michael0o0

By 0o0michael0o0
in Security

 Share

Recommended Posts

digip Newbie

digip

Posted
Posted

If you can de-cloak the severs IP, or find it through other means such as whois archives or netcraft history, then you can point your hosts file at the real IP and then run your attacks. Doesn't mean the exploits work, which would still require a vulnerable version of SQL software and/or accepting unsanitized data input that you can manipulate. One of the quickest checks is replacing www.somesite.com with direct.somesite.com or direct-connect.somesite.com. These often expose the domains real IP, as well as brute forcing sub domains like mail.domain.com, or even ftp.domain.com

Link to comment
Share on other sites
0o0michael0o0 Newbie

0o0michael0o0

Posted
  • Author
Posted

If you can de-cloak the severs IP, or find it through other means such as whois archives or netcraft history, then you can point your hosts file at the real IP and then run your attacks. Doesn't mean the exploits work, which would still require a vulnerable version of SQL software and/or accepting unsanitized data input that you can manipulate. One of the quickest checks is replacing www.somesite.com with direct.somesite.com or direct-connect.somesite.com. These often expose the domains real IP, as well as brute forcing sub domains like mail.domain.com, or even ftp.domain.com

thnx digip , actually the site is very well protected and i tried to enumrate the dns with more than methoud but i got a question , if i get the real ip of the server , how can i make the sqlmap or havij for example use the real ip ?? i know that if i get the user of the site , i can do it like that http://127.0.0.0/~/user/etc

but what if i did`nt get the user of the site ? how can i inject the site after getting the real ip ? thnx in advance

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

I'm not going to help you attack a site on the internet, but pointing to the real server once you have the actual IP is trivial. Rest is on you to do whatever it is you're after and of your own volition. Learning how to defeat cloudflare is not a crime though. Taking out a site behind it, may be.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...