SQLINJECTENCODE.rar
Submitted: 2005-03-29
Submitted by: Kennidy
Tool category: Attack program
Platform: Windows
Tool size: 237936 bytes
File MD5: 334041C8427A79EE31DCBDA0AFEC9197
Source: Village Rain (Murasame), Security Focus account Kennidy
Usage instructions and principle:
Many sites defend against SQL injection with Replace(Request("ID"), "'", "''"), which doubles every single quote so that it is escaped; others use Replace(Request("ID"), " ", "") to strip all spaces.
For a query of the form Select * from TableName where id = '" & Replace(Request("Id"), "'", "''") & "'" there is currently no way to break through.
But many sites apply the same filter in Select * from tablename where id = " & Replace(Request("Id"), "'", "''"), where the parameter is numeric.
Because the submitted parameter is numeric, it is not enclosed in single quotes, so the site relies only on filtering single quotes out of user data to defend against SQL injection. This defense makes ordinary SQL injection fail; it is a half-defended state. But if the injected statement avoids single quotes entirely, that defense is meaningless. Filtering spaces is the same.
Working process:
1. The user enters an SQL statement, for example: exec master.dbo.xp_cmdshell 'net user hectic /add'
2. In the first step the program wraps it as:
   declare @z varchar(8000) set @z='exec master.dbo.xp_cmdshell ''net user hectic /add''' execute(@z)--
3. In the second step the program converts the string into a hex literal:
   declare @z varchar(8000) set @z=0x65786563...2f616464 execute(@z)--
4. In the third step this is URL-encoded:
   %64%65%63%6C...%5A%29%2D%2D
5. In the fourth step the program prepends %20 as the separator from the injection point.
6. If the other side filters spaces, select the "Filter %20" option; the program then converts each %20 into %2F%2A%2A%2F.
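A defender-side check for the encoding chain described in the steps above. The following Python is an added example, not the tool's code, and it assumes a hypothetical web layer that wants to validate a numeric id parameter. It percent-decodes the value until it stops changing, turns /**/ comments back into spaces, decodes any 0x hex literal to text so that keywords hidden inside it are visible, and flags the declare / set @ / execute shape; it then applies the actual fix for a numeric parameter, which is to accept digits only rather than to rely on quote doubling. The sample query values are constructed; the hex literal in them decodes to a harmless select 1.

```python
import re
from urllib.parse import unquote

# Hypothetical names for this added example; not part of the tool described on the page.
SUSPICIOUS_TOKENS = ("declare", "execute", "exec ", "xp_cmdshell", "set @", "select", "--")
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

# Constructed sample values: the same statement with %20 separators and with /**/ separators.
SAMPLE_SPACED = ("255%20declare%20%40z%20varchar%288000%29%20set%20%40z%3D"
                 "0x73656C656374203120%20execute%28%40z%29%2D%2D")
SAMPLE_COMMENTED = ("255%2F%2A%2A%2Fdeclare%2F%2A%2A%2F%40z%2F%2A%2A%2Fvarchar%288000%29"
                    "%2F%2A%2A%2Fset%2F%2A%2A%2F%40z%3D0x73656C656374203120"
                    "%2F%2A%2A%2Fexecute%28%40z%29%2D%2D")


def url_decode_fully(value: str, max_passes: int = 3) -> str:
    """Undo percent-encoding until the text stops changing (bounded so double-encoding cannot loop)."""
    for _ in range(max_passes):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def decode_hex_literals(text: str) -> list:
    """Return the text hidden inside each even-length 0x... literal (odd-length ones are not valid bytes)."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        digits = match.group(1)
        if len(digits) % 2 == 0:
            decoded.append(bytes.fromhex(digits).decode("latin-1"))
    return decoded


def normalize(value: str) -> str:
    """Percent-decode, replace inline comments with spaces, collapse whitespace, lowercase."""
    text = url_decode_fully(value)
    text = INLINE_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def is_valid_numeric_id(raw: str) -> bool:
    """Strict allow-list for a numeric id parameter: digits only, nothing else (assumes id is numeric)."""
    return re.fullmatch(r"[0-9]{1,10}", raw.strip()) is not None


def inspect_query_value(raw: str) -> dict:
    """Normalize one query-string value, scan it and its decoded hex literals, and return a verdict."""
    normalized = normalize(raw)
    hex_payloads = decode_hex_literals(normalized)
    searchable = normalized + " " + " ".join(p.lower() for p in hex_payloads)
    findings = [tok.strip() for tok in SUSPICIOUS_TOKENS if tok in searchable]
    if hex_payloads:
        findings.append("hex-literal")
    # The allow-list decides; the findings are for logging and alerting.
    verdict = "allow" if is_valid_numeric_id(raw) and not findings else "block"
    return {"normalized": normalized, "hex_payloads": hex_payloads,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for sample in ("255", SAMPLE_SPACED, SAMPLE_COMMENTED):
        print(inspect_query_value(sample))
```

The point of the two samples is that the space-filter variant and the %20 variant normalize to the same statement, so a detector that only looks at the raw query string misses one of them. The allow-list is the real mitigation for the case on this page: an unquoted numeric parameter is never made safe by doubling quotes, only by rejecting anything that is not an integer (or by using a parameterized query).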
Usage example:
Suppose http://www.xxx.com/news.asp?id=255 has this half-complete injection filter defense, and the statement we want to run is exec master.dbo.xp_cmdshell 'net user pop /add'.
Enter the statement in the command box. The program allows multi-line editing, so SQL code that has been tested in Query Analyzer on a local SQL Server client can be copied in directly; the program removes the line breaks (\r\n) automatically during encoding.
Then click the Encode button.
Then append everything in the output box directly after id=255 (do not add a space; the program adds it for you).
Your SQL code can then run on the other side's SQL Server.
Injection complete.
If the other side filters spaces, tick the filter option and click Encode again to generate the correspondingly encoded string.
Declaration: the user is responsible for any consequences of any use of this tool; the author assumes no responsibility.
This tool was first released at 0x557.org.
Author: Village Rain (Murasame), QQ 3145930