Featured Exploits

SAINTexploit includes an extensive, multi-platform exploit library with remote, local, and client exploits. A few sample exploits are presented below; to see the full exploit library, customers can log in to their mySAINT portal to browse the exploit and vulnerability tutorials. The tutorials provide background, problem, resolution, and reference information for each exploit.

SQL Injection Authentication Bypass
Type: Remote
Platform: Cross-platform

The Problem: Structured Query Language (SQL) is the most common language understood by modern relational databases. The vulnerable web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a specially crafted input parameter containing unexpected characters. A successful SQL injection attack could result in unauthorized access to the web application.

The exploit: This exploit targets SQL injection flaws affecting login and password fields in web applications. Upon success, it provides an authenticated login session to the web application.
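The unsafe query construction described in this entry, shown beside a parameterized query, as an added example that is not SAINT's code or part of the original page. The table layout, function names and sample values are constructed assumptions; a real application would verify a salted password hash in application code rather than compare strings in SQL.

```python
import sqlite3

def make_db():
    """Build an in-memory user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-value')")
    return db

def login_vulnerable(db, login, password_hash):
    # Unsafe: input is pasted into the SQL text, so a quote character in
    # either field can end the string literal and change the WHERE clause.
    query = ("SELECT login FROM users WHERE login = '" + login +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone() is not None

def login_hardened(db, login, password_hash):
    # Safe: placeholders send the values separately from the SQL text, so
    # they are only ever compared as data, whatever characters they contain.
    query = "SELECT login FROM users WHERE login = ? AND password_hash = ?"
    return db.execute(query, (login, password_hash)).fetchone() is not None

# Constructed input of the kind this entry describes: a quote followed by SQL.
CRAFTED = "' OR '1'='1"

def compare():
    """Run valid and crafted credentials through both login functions."""
    db = make_db()
    return {
        "vulnerable_valid": login_vulnerable(db, "alice", "constructed-hash-value"),
        "vulnerable_crafted": login_vulnerable(db, "alice", CRAFTED),
        "hardened_valid": login_hardened(db, "alice", "constructed-hash-value"),
        "hardened_crafted": login_hardened(db, "alice", CRAFTED),
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Kept as a regression test, the `hardened_crafted` case catches any later change that reintroduces string concatenation into the login query.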

Cross-site Scripting Cookie Theft
Type: Remote
Platform: Cross-platform

The Problem: Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <SCRIPT> tag and handle them accordingly.

By sending an HTTP request containing <SCRIPT> tags to the web program, it is possible to cause the web server to return a page which contains arbitrary script. This condition allows an attacker to trick a user into executing the script in the user's browser in the security context of the vulnerable site. The script sends the user's cookies back to the attacker. If the cookies contain session IDs, the attacker can then use the cookies to hijack the user's session and gain unauthorized access to the web application.

The exploit: This exploit targets cross-site scripting vulnerabilities in form parameters. When a vulnerability is found, it prompts you to send an e-mail message containing a crafted link which exploits the vulnerability. When someone clicks on the link, the browser cookies are captured, giving you an authenticated web session.

SSH Password Weakness
Type: Remote
Platform: Linux/others

The Problem: Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permission to access.

Administrators often set up new user accounts with no password or with a default password which is easy to guess. Additionally, some users may choose a simple password which is easy to remember. Null passwords and passwords that are very similar to the login name are an easy way for attackers to gain access to the system.

The exploit: This exploit attempts to penetrate the target by trying a number of default SSH logins and passwords.

PHP Remote File Inclusion
Type: Remote
Platform: Cross-platform

The Problem: PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file.

The affected PHP script has a remote file inclusion vulnerability. This vulnerability typically arises due to an include or require command where the included file path can be manipulated by a remote user via a specific HTTP input parameter. A remote attacker could execute arbitrary PHP commands on the target by specifying the URL of a PHP script on his or her own server in the input parameter.

The exploit: This exploit attempts to penetrate the target by searching for PHP remote file inclusion vulnerabilities in a number of common form parameters. When a vulnerability is found, it uses the vulnerability to include a payload file resulting in a command connection to the target.

Windows Password Weakness
Type: Remote
Platform: Windows

The Problem: Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permission to access.

Administrators often set up new user accounts with no password or with a default password which is easy to guess. Additionally, some users may choose a simple password which is easy to remember. Null passwords and passwords that are very similar to the login name are an easy way for attackers to gain access to the system.

The exploit: This exploit attempts to penetrate the target by guessing passwords.