Hackers teach you: SQL injection attack methods (6)
  Added: 07/16/2008   Published: 07/16/2008
Page 6 of 10

HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select top 1 id from… ere id not in ('xyz'))>0 obtains the value of the id field of the second record in table TEMP.

 
Fifth, uploading an ASP trojan
The so-called ASP trojan is a piece of ASP code with special functionality. Once it is placed under the web server's virtual directory Scripts, a remote user can run it through IE, obtain USER-level privileges on the system, and so gain initial control of it. There are generally two fairly effective ways to upload an ASP trojan:
1. Using the web site's remote management function
Many web sites provide a remote management function for ease of maintenance, and many sites give different users different access rights to their content. To enforce this, some pages ask for a user name and password, and only after the correct values are entered can the next step be carried out; this then allows web management tasks such as uploading and downloading files, browsing directories, and changing the configuration.
So if the correct user name and password are obtained, not only can an ASP trojan be uploaded, but sometimes USER privileges can even be used to browse the system directly, and the complicated "find the web virtual directory" step described earlier can be skipped.
The user name and password are usually stored in a table; finding that table and reading its contents solves the problem. Two effective methods follow.
A. Injection method:
In theory, the authentication page contains a statement such as:
select * from admin where username='XXX' and password='YYY'. If the necessary character filtering has not been done before this statement is executed, SQL injection is very easy to carry out.
If you enter abc' or 1=1-- in the user name box and 123 in the password box, the SQL statement becomes:
select * from admin where username='abc' or 1=1--' and password='123'. Whatever user name and password the user enters, this statement always executes successfully, so the user easily fools the system and gains a valid identity.
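The login query above, as an added example that is not part of the original article: a Python/sqlite3 version of the concatenated query beside a parameterized one, run against a constructed admin table (the rows and the function names are assumptions). The page's abc' or 1=1-- input is accepted by the first version and rejected by the second.

```python
import sqlite3

# Constructed sample data: the page only names an "admin" table with
# username and password columns, so these rows are made up for the demo.
ADMIN_ROWS = [("admin", "s3cret"), ("editor", "p4ss")]


def _connect():
    """In-memory database holding the constructed admin table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO admin VALUES (?, ?)", ADMIN_ROWS)
    return conn


def build_vulnerable_sql(username, password):
    """The page's query with the form fields concatenated straight in."""
    return ("select * from admin where username='" + username
            + "' and password='" + password + "'")


def vulnerable_login(username, password):
    """Runs the concatenated query; returns True if any row comes back.

    With username "abc' or 1=1--" the trailing comment swallows the
    password clause, so the WHERE condition is always true.
    """
    conn = _connect()
    try:
        rows = conn.execute(build_vulnerable_sql(username, password)).fetchall()
    except sqlite3.Error:
        rows = []          # a syntax error from malformed input is a failed login
    finally:
        conn.close()
    return len(rows) > 0


def safe_login(username, password):
    """Same lookup with bound parameters: the input is never parsed as SQL,
    so the quote and comment characters are compared literally."""
    conn = _connect()
    try:
        rows = conn.execute(
            "select * from admin where username=? and password=?",
            (username, password)).fetchall()
    finally:
        conn.close()
    return len(rows) > 0
```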
B. Guessing:
The basic idea is: guess all the database names, guess each table in the database, work out which table is likely to store user names and passwords, guess each field name in that table, and then guess the contents of each record in it.
Guessing all database names
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select count(*) from master.dbo.sysdatabases where name>1 and dbid=6) <>0. Because dbid values 1 to 5 are used by the system, user-created databases must start at 6. Since we submitted name>1 (name is a character field, and comparing it with a number causes an error), abc.asp behaves abnormally and the first database name can be obtained; changing dbid to 7, 8, 9, 10, 11, 12… in turn yields all the databases.