Hackers teach you what a SQL injection attack is (7)
Add date: 07/16/2008   Publishing date: 07/16/2008

The following assumes that the database name obtained is TestDB.

Guessing the name of the username table in the database
Guessing method: This method guesses the table name from personal experience. Common names are user, users, member, members, userlist, memberlist, userinfo, manager, admin, adminuser, systemuser, systemusers, sysuser, sysusers, sysaccounts, systemaccounts and so on. Each guess is checked with the statement
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from TestDB.dbo.table name)>0. If the table exists, abc.asp runs normally; otherwise it raises an error. This is repeated until the name of the system account table is guessed correctly.
Reading method: SQL Server has a table, sysobjects, that stores core system information. All of the database's tables, views and other objects are recorded in this table, and the table can be accessed through the web.
Rows with xtype='U' and status>0 are user-created tables. By finding and analysing each user-created table and its name, the name of the username table can be obtained. The basic method is:
① HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestD… type='U' and status>0)>0 obtains the name of the first user-created table and compares it with an integer. abc.asp obviously fails, but the error message reveals the table name. Suppose the table name found is xyz; then
② HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestDB.dbo.sysobjects&… tatus>0 and name not in ('xyz'))>0 obtains the name of the second user-created table, and the names of all user-created tables can be obtained in the same way.
From the table names it is generally possible to recognise which table stores the usernames and passwords. The following assumes that this table is named Admin.
Guessing the names of the username field and the password field
The admin table certainly has a username field and a password field. Only once the names of these two fields are known is it possible to obtain their contents. As before, there are two methods for obtaining the names.
Guessing method: This method guesses the field name from personal experience. Common names for the username field are username, name, user, account and so on. Common names for the password field are password, pass, pwd, passwd and so on. Each guess is checked with the statement
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(field name) from TestDB.dbo.admin)>0. The statement "select count(field name) from table" returns the number of rows in the table, so if the field name exists abc.asp runs normally; otherwise it raises an error. This is repeated until both field names are guessed correctly.
Reading method: The basic method is:
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select… me (object_id ('admin'), 1) from TestDB.dbo.sysobjects)>0. The statement select top 1 col_name(object_id('admin'),1) from TestDB.dbo.sysobjects obtains the first field name of the known table from sysobjects. When the result is compared with an integer, abc.asp obviously fails, but the error message reveals the field name. Changing the 1 in col_name(object_id('admin'),1) to 2, 3, 4, 5, 6… in turn obtains all of the field names.
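
The requests described above leave a recognisable trail in web server logs: repeated "(select count(...) from ...)>0" probes, references to sysobjects, and col_name(object_id(...)) calls in the query string. The following Python log check is an added example, not part of the original article; the simplified "ip path query status" log format, the sample lines and the threshold of 3 guesses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Patterns for the request shapes described on this page, matched after decoding.
PROBE = re.compile(r"\(\s*select\s+count\s*\(([^)]*)\)\s+from\s+([\w.\[\]]+)\s*\)\s*>\s*0", re.I)
SIGNATURES = {
    "existence_probe": PROBE,
    "metadata_read": re.compile(r"\bsysobjects\b", re.I),
    "column_read": re.compile(r"\bcol_name\s*\(\s*object_id\s*\(", re.I),
}

def normalize(query):
    """Undo the encodings that hide the payload from a naive string match."""
    text = unquote_plus(unquote_plus(query))   # second pass catches double encoding
    text = re.sub(r"/\*.*?\*/", " ", text)     # inline SQL comments used as spacing
    return re.sub(r"\s+", " ", text)

def classify(query):
    """Return (sorted signature names, 'column@table' guess or None)."""
    text = normalize(query)
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    m = PROBE.search(text)
    guess = f"{m.group(1).strip()}@{m.group(2)}".lower() if m else None
    return hits, guess

def scan(lines, guess_threshold=3):
    """Summarize findings per client from 'ip path query status' lines."""
    report = defaultdict(lambda: {"signatures": set(), "guesses": set(), "errors": 0})
    for line in lines:
        ip, _path, query, status = line.split()
        hits, guess = classify(query)
        if hits:
            entry = report[ip]
            entry["signatures"].update(hits)
            entry["guesses"].update([guess] if guess else [])
            entry["errors"] += int(status == "500")
    for entry in report.values():
        # Many distinct guesses from one client is the "repeat until correct" loop.
        entry["guessing_loop"] = len(entry["guesses"]) >= guess_threshold
    return dict(report)

SAMPLE = [  # constructed log lines, documentation-range addresses
    "192.0.2.10 /abc.asp p=12 200",
    "198.51.100.7 /abc.asp p=12+and+(select+count(*)+from+TestDB.dbo.user)%3E0 500",
    "198.51.100.7 /abc.asp p=12+and+(select+count(*)+from+TestDB.dbo.admin)%3E0 200",
    "198.51.100.7 /abc.asp p=12%20and%20(select%20count(pwd)%20from%20TestDB.dbo.admin)%3E0 500",
    "198.51.100.7 /abc.asp p=12+and+(select+top+1+col_name(object_id('admin'),1)+from+TestDB.dbo.sysobjects)%3E0 500",
]
```

Calling scan(SAMPLE) returns one entry per flagged client. Because both methods depend on the page running normally or failing with a visible error, the count of HTTP 500 responses next to the signatures is a useful second signal.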

 