Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker invade > Content
Hot Articles
The MS08-067 crack invad
Smoothwall previews low
The RPC crack invades
GE Interlogix Diamond II
when load_file() invasio
Breaks the IE safe limit
Uses 135 ports to invade
MS08-067 introduces the
The local area network i
Sharp oracle pours into
SonicWALL Customers Prot
SmoothWall Launches Smoo
Invades the WINDOWS serv
Invades RedHat the Linux
Lotus notes also plays t
Recommend Articles
Manual injection ASP scr
Simulates the intruder t
Invades the chinalinux s
The local area network i
Invades the Linux operat
Invades in the process t
Invades once more using
Invades the WINDOWS serv
PHP pours into the invas
Brief analysis Linux sys
Invades the Turkish webs
Invades RedHat the Linux
Buffer overflow analysis
Invades the Linux system
The study contains the c
New Articles
Comodo Disk Encryption n
CRYPTO-MAS-service authe
The criminal attacks Erh
Hackers and malware deve
Five steps to protect co
MI5 hack highlights secu
Kaspersky Mobile Securit
Clavister and Meru Netwo
BioSlimDisk encrypted po
Facebook users are at ri
Europ?organizations awar
Gumblar Web-based attack
2012 Olympic Games suffe
Ties aimed at both Windo
How to recover EFS encry
PHP pours into the invasion example
  Add date: 07/12/2008   Publishing date: 07/12/2008   Hits: 12
Total 4 pages, Current page:1, Jump to page:
 
Today what I must give everybody the explanation is an unusual NB invasion process, I thought that the unusual splendor, inside has contained very many knowledge spots, this to with the friend who does not understand php completely can spell over equally, and carries on the invasion similar website according to inside technology, and can obtain the very good effect.

    Now SQL pours into the crack everywhere to uncover is, and develops outstanding tool for example NBSI, with CASI and so on. This has been good regarding we such new military recruits, because avoided us manual coming the little guess completely, big enhancement invasion rate. . The good idle talk said that not much enters our article directly, comes travel of the time illusion, believed that your here certainly could again find belongs to your thing.

One. Elementary knowledge

    First I am inarticulate a php crack the formation cardinal principle, many people thought that pours from the top into PHP+MYSQL must certainly use the single quotes, or does not have the means to look like MSSQL such to be possible to use “declare @a sysname select @a= exec master.dbo.xp_cmdshell @a” this kind of order to eliminate the quotation mark, actually this was everybody to one kind of misunderstanding which poured into or this said that was to pours into the understanding one kind of erroneous zone.

¡¡¡¡Why? No matter because in any language, in quotation mark (including odd and even), all strings of character are the constants, even if is dir such order, also tight is the string of character, cannot treat as the order execution, only if is the code which like this writes:

$command = “dir c:\”;

system($command);

¡¡¡¡Otherwise is only the string of character merely, certainly, we said the order not just refers to the system order, what here said is the SQL sentence, must let the SQL sentence which we construct carry out normally, cannot let our sentence turn the string of character, then in what situation will use the single quotes? When doesn't use? Has a look at the following two SQL sentence:

¢ÙSELECT * FROM article WHERE articleid=$id

¢ÚSELECT * FROM article WHERE articleid=$id

¡¡¡¡Two kind of mode of writing are very common in each kind of procedure, but the security is different, because first places variable $id in pair of single quotes, like this caused the variable which we submitted to turn the string of character, even if has contained the correct SQL sentence, also will not carry out normally, but the second difference, because has not admitted the variable in the single quotes, then we submitted all, so long as contained the blank space, after that blank space's variable could take the SQL sentence execution, we submitted the abnormal sentence which separately in view of two sentences two successes poured into, had a look at the difference.

¢Ù Assigns variable $id is:

1 and 1=2 union select * from user where userid=1/*

This time the entire SQL sentence becomes:

 
Other pages: : 1 * 2 * 3 * 4 * Next>>
Prev:Invades the WINDOWS server using the windows script Next:Brief analysis Linux system back door technology and practice method

Comment:

Category: Home > hacker invade
Home