Filename | sql injection |
Permission | rw-r--r-- |
Author | t3ll0 |
Date and Time | 05.45 |
Label | t3ll0 |
Action |
Before discussing SQL injection, I will first explain what SQL injection is and why it can occur.

SQL injection occurs when an attacker can insert SQL statements into a query by manipulating the data input to an application page.

Of the various combinations, such as PHP + MySQL, or ASP with MS Access or MySQL, here I will only discuss ASP + MSSQL, which I tried on IIS 5, plus some SQL injection through the URL.

SQL injection is usually done on an ASP login page such as:

admin\login.asp
login.asp

So those are the pages that become the target. Now let's start with the basics of SQL injection :D

Typically, the SQL statement

select id, user_name, password from user

means: take the id, user_name and password data from the user table.

Usually a login page uses a statement like the following to get its result set:

select id, user_name, password from user where name = 'echo' and password = 'password'

On IIS and ASP, when there is a syntax error, the error is returned by the script and displayed in the browser:

Server: Msg 170, Level 15, State 1, Line 1
Line 1: Incorrect syntax near 'jopi'

SQL, or Structured Query Language, should not touch system calls. But that is not the case with MSSQL.

Now, I don't know why, but the single quote character 'breaks out' of the SQL delimiter. So if, for example, the input is

User: echo '; drop table users --

the consequences will be fatal: this means we delete the users table, and the login will be empty :D

Oh yes, '--' is the comment marker in MSSQL, so whatever follows it is not executed.

For more detail, let's go straight to a login script, for example one with login and password inputs. The field names are 'login' and 'pass', and the SQL in the ASP is:

var sql = "select * from users where username = '" + login + "' and password = '" + pass + "'";

Try the input:

login: '; drop table users --
pass: chfn

(*wink*) and it will certainly drop the users table.

Oops, I got carried away. Here's the easy way: let's forget the above :P and go straight to practice.

Search for a site that uses ASP with MSSQL as its DB, and look for login.asp or admin\login.asp.

Once you have one, the SQL input is:

user: admin
pass: ' or 1 = 1 --

Remember, here we're only trying our luck that the DBA isn't clever :D

or:

user: ' or 1 = 1 --
admin: ' or 1 = 1 --
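
The login query above, rebuilt as an added example (not code from the original post): it runs the same concatenated statement next to a parameterized one, so you can see that the input quoted in the post only changes the result of the first. An in-memory SQLite database stands in for MSSQL, and the table contents and function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the MSSQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (id integer primary key, username text, password text)")
    db.execute("insert into users (username, password) values ('admin', 'constructed-pw')")
    return db

def login_concatenated(db, login, password):
    # Same pattern as the ASP snippet: input is pasted between the quotes,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = ("select * from users where username = '" + login +
           "' and password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, login, password):
    # Placeholders keep the statement text fixed; input is bound as data only.
    sql = "select * from users where username = ? and password = ?"
    return db.execute(sql, (login, password)).fetchall()

def user_count(db):
    return db.execute("select count(*) from users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1 = 1 --"  # input quoted in the post
    sql, rows = login_concatenated(db, "admin", payload)
    print(sql)
    print("concatenated :", len(rows), "row(s) returned, login accepted")
    print("parameterized:", len(login_parameterized(db, "admin", payload)), "row(s)")
    # The stacked-statement input from the post is also inert when bound.
    login_parameterized(db, "echo'; drop table users --", "x")
    print("users rows after bound input:", user_count(db))
```

On ASP + MSSQL the same fix is a parameterized ADODB.Command instead of a concatenated string.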

"Bro, it doesn't work, what now?"

Remember what the average admin is like these days; we just look for one with holes. If you can't find one to test on, write your own script and test against that; I did my testing on a package I built myself with no DB input filtering in it. To test whether a page is vulnerable, here's how:

Have you ever seen ASP, JSP, PHP or CGI pages with an address like:

http://victim/index.asp?id=10

Besides testing the login page as above, we can do a small test by appending something to the address, such as: test'1 = 1 --

so that it becomes http://victim/index.asp?id=test'1 = 1 --

We can also do this SQL injection XSS-style: download the HTML source of the target page, then add a hidden field to the source, for example: