Figure 3.2. The XCodeXploitScanner tool

After finding a suspicious website, we check it for the flaw by appending a character to the end of the URL:
Figure 3.3. Checking for the SQL injection flaw

When the following error appears:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\HOSTING\khoa.nhatnghe.vn\httpdocs\wdn\ceh\theloai.php on line 12

it means the website is vulnerable to SQL injection. Next, we count the number of columns in the database:

http://khoa.nhatnghe.vn/wdn/ceh/theloai.php?id=2 order by 4
Figure 3.4. Counting the columns in the database

Keep counting until the original error appears again; that is where the column count stops.
Figure 3.6. PHP version information

As the figure shows, the version this website is running is: 5.0.45-community-nt.
Find the name of the database:
Figure 3.8. Listing all tables in the database

Find the fields inside the table users. We convert users to hex, which gives: 7573657273. Prepend 0x to the converted string to get: 0x7573657273
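For defenders, the column-counting requests and the hex-encoded table name described above leave recognizable traces in web server logs. The following is an added example, not part of the original document, that scans constructed log lines for both; the log format, the sample requests and the threshold of three distinct ORDER BY indexes are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed log lines (client IP, request line); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 "GET /theloai.php?id=2 HTTP/1.1"
198.51.100.7 "GET /theloai.php?id=2%20order%20by%201 HTTP/1.1"
198.51.100.7 "GET /theloai.php?id=2+order+by+2 HTTP/1.1"
198.51.100.7 "GET /theloai.php?id=2%20ORDER%20BY%204 HTTP/1.1"
198.51.100.7 "GET /theloai.php?id=0x7573657273 HTTP/1.1"
192.0.2.10 "GET /theloai.php?id=15 HTTP/1.1"
"""

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"$')
ORDER_BY_RE = re.compile(r"\border\s+by\s+(\d+)", re.IGNORECASE)
# A 0x literal of at least three whole bytes, e.g. 0x7573657273.
HEX_RE = re.compile(r"\b0x((?:[0-9a-f]{2}){3,})\b", re.IGNORECASE)
ENUM_THRESHOLD = 3  # assumed: distinct ORDER BY indexes before flagging


def scan(log_text):
    """Return (findings, enumerators) for the given log text."""
    findings = []
    probed = defaultdict(set)  # client -> ORDER BY indexes it has tried
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl URL-decodes values, so %20 and + both become spaces.
        for name, value in parse_qsl(urlsplit(target).query):
            for n in ORDER_BY_RE.findall(value):
                probed[client].add(int(n))
                findings.append((client, name, "order_by_probe", n))
            for h in HEX_RE.findall(value):
                # Decode the literal so the analyst sees the hidden name.
                text = bytes.fromhex(h).decode("ascii", "replace")
                findings.append((client, name, "hex_literal", text))
    # Several different ORDER BY indexes from one client is column counting.
    enumerators = sorted(
        c for c, ns in probed.items() if len(ns) >= ENUM_THRESHOLD)
    return findings, enumerators


if __name__ == "__main__":
    hits, clients = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("column-count enumeration from:", clients)
```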
Figure 3.9. Listing the columns in the table users

All the fields inside the table users:

idUser,HoTen,Username,Password,DiaChi,Dienthoai,Email,NgayDangKy,idGroup,NgaySinh,GioiTinh,Active,RandomKey,LoginNumber,DisableDate,Expiration

Next, we retrieve the necessary information such as Username, Password: