3.1. SQL Injection tin hnh tm kim li SQL Injection chng ta s dng mt s cng c nh: + Sql Poizon v1.

Hnh 3.1. Cng c Sql Poizon v1.1 + XCodeXploitScanner

Hnh 3.2. Cng c XCodeXploitScanner Sau khi tm c Website nghi vn ta tin hnh kim tra li bng cch thm du vo sau url:

Hnh 3.3. Kim tra li Sql Injection Khi xut hin li : Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\HOSTING\khoa.nhatnghe.vn\httpdocs\wdn\ceh\theloai.php on line 12 Tc l Website b li SQL Injection. Tip theo ta m s column trong database: http://khoa.nhatnghe.vn/wdn/ceh/theloai.php?id=2 order by 4

Hnh 3.4. m s ct trong database m cho n khi xut hin li nh ban u tc l s column dng li .

Tip theo tm ct b li bng: UNION SELECT

Hnh 3.5. Tm ct b li y ct th 2 b li. Tip theo ta tm phin bn php ang s dng:

Hnh 3.6. Thng tin version php Nh trong hnh th phin bn m website ny ang s dng l: 5.0.45-community-nt.

Tm tn ca Database:

Hnh 3.7. Tn database Hin th thng tin ca tt c cc table trong Database:

Hnh 3.8. Hin th tt c cc table trong database Tm cc trng bn trong table: users. Chng ta convert users qua m hex c nh sau: 7573657273. Chn thm gi tr 0x trc chui convert thnh : 0x7573657273

Hnh 3.9. Hin th cc column trong table users Ton b cc trng bn trong table: users: idUser,HoTen,Username,Password,DiaChi,Dienthoai,Email,NgayDangKy,idGroup,Nga ySinh,GioiTinh,Active,RandomKey,LoginNumber,DisableDate,Expiration Tip theo ta ly nhng thng tin cn thit nh Username, Password:

Hnh 3.10. Ly thng tin ca trng Username v Password