Hackers teach you: what SQL injection attacks are (2)
Added: 07/16/2008   Published: 07/16/2008
To make the explanation concrete, the analysis below uses HTTP://xxx.xxx.xxx/abc.asp?p=YY as the example; YY may be an integer or a string.
1. Integer parameter
When the input parameter YY is an integer, the SQL statement in abc.asp usually has roughly the following form:
select * from table where field=YY
so the following steps can be used to test whether SQL injection exists:
① HTTP://xxx.xxx.xxx/abc.asp?p=YY' (a single quote is appended). The SQL statement in abc.asp becomes
select * from table where field=YY'
and abc.asp behaves abnormally;
② HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1: abc.asp runs normally, and its result is the same as that of HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③ HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=2: abc.asp behaves abnormally.
If all three of the above steps hold, abc.asp certainly has a SQL injection vulnerability.
2. String parameter
When the input parameter YY is a string, the SQL statement in abc.asp usually has roughly the following form:
select * from table where field='YY'
so the following steps can be used to test whether SQL injection exists:
① HTTP://xxx.xxx.xxx/abc.asp?p=YY' (a single quote is appended). The SQL statement in abc.asp becomes
select * from table where field='YY''
and abc.asp behaves abnormally;
② HTTP://xxx.xxx.xxx/abc.asp?p=YY … '1'='1': abc.asp runs normally, and its result is the same as that of HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③ HTTP://xxx.xxx.xxx/abc.asp?p=YY … '1'='2': abc.asp behaves abnormally.
If all three of the above steps hold, abc.asp certainly has a SQL injection vulnerability.
3. Special cases
Sometimes the ASP programmer filters characters such as single quotes in the program to prevent SQL injection. In that case the following methods can be tried:
① Mixed case: VBScript is case-insensitive, but programmers usually filter either the all-uppercase or the all-lowercase form of a string, and mixed-case forms are often overlooked, e.g. replacing select or SELECT with SelecT;
② Unicode: IIS implements internationalisation with the Unicode character set, so a string can be entered in IE in its URL-encoded form, e.g. + as %2B and a space as %20; see Appendix 1 for URL encoding;
③ ASCII codes: part or all of the input characters can be replaced by their ASCII codes, e.g. U=chr(85), a=chr(97); see Appendix 2 for the ASCII table.
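As an added example (not part of the original tutorial), the following Python script shows the defender's side of the three tests above: it normalises request parameter values (URL-decoding and case-folding, so the mixed-case, %XX and chr() tricks of section 3 do not hide a probe) and flags the appended single quote, the `and 1=1`/`1=2` pair and the `'1'='1` pattern in constructed sample log lines. The log lines, pattern names and the abc.asp path are assumptions made for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request lines (not from the original page): the integer and
# string probes of sections 1 and 2 plus the case-mixed, URL-encoded and chr()
# variants of section 3, and one harmless request.
SAMPLE_LOG = """\
GET /abc.asp?p=12 HTTP/1.1
GET /abc.asp?p=12' HTTP/1.1
GET /abc.asp?p=12%20and%201=1 HTTP/1.1
GET /abc.asp?p=12%20AnD%201=2 HTTP/1.1
GET /abc.asp?p=abc'%20and%20'1'='1 HTTP/1.1
GET /abc.asp?p=abc'%20and%20chr(49)=chr(49) HTTP/1.1
GET /abc.asp?p=hello%20world HTTP/1.1
"""

# Applied to the decoded, lower-cased value, so mixed case and %XX cannot hide a probe.
PROBE_PATTERNS = [
    ("stray_quote", re.compile(r"'$")),                             # p=YY'
    ("int_probe", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+\b")),     # and 1=1 / and 1=2
    ("str_probe", re.compile(r"'\s*(and|or)\s*'[^']*'\s*=\s*'")),   # ' and '1'='1
    ("chr_obfuscation", re.compile(r"\bchr\s*\(\s*\d+\s*\)")),      # chr(85)
]

def normalize(raw_value):
    """URL-decode twice (catches double encoding), collapse whitespace, fold case."""
    decoded = unquote_plus(unquote_plus(raw_value))
    return re.sub(r"\s+", " ", decoded).strip().lower()

def classify_request(line):
    """Return the probe names matched by one 'METHOD /path?query ...' log line."""
    m = re.match(r"\S+\s+[^?\s]+\?(\S+)", line)
    if not m:
        return []
    hits = []
    for pair in m.group(1).split("&"):
        _, _, raw_value = pair.partition("=")  # split only at the first '='
        value = normalize(raw_value)
        for name, pattern in PROBE_PATTERNS:
            if pattern.search(value):
                hits.append(name)
    return hits

def scan_log(text):
    """Map every flagged request line to the probe names it matched."""
    return {line: hits for line in text.splitlines()
            if (hits := classify_request(line))}
```

Run `scan_log(SAMPLE_LOG)` to see which of the constructed lines are flagged; the harmless request and the plain `p=12` request produce no hits.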

Part Two: Identifying the database server type
Generally speaking, ACCESS and SQL Server are the most commonly used database servers. Although both support the T-SQL standard, they differ from each other, and different databases require different attack methods, so they must be treated separately.
