Now let's talk about how to determine whether the server's hard disk (partition) Has access through injection points.
This routine is very simple. You don't need to read it if you want ,,,
Just use a video I made, a simple injection, and a music station to test it.
The injection point is ~~ I forgot to find the address.
No. Swearing ~~ That guy is ill, BS
Http://www.fun668.com/user/wmadown.asp? Id = 48187
This is the injection point ~~~
Now let's use the SQL query statement to test whether disk C has access permission.
Statement: and (select count (*) from c: autoexec. bat. c)> 0
The principle is explained. Other AC databases can also be queried across databases ~~ You only need to set the table name after from
Change it to the absolute hard disk address of the MDB database, and add the name of the table to be queried in the background.
For example, I want to query the ADMIN table in disk D yqf. mdb.
And (select count (*) from d: yqf. mdb. admin)> 0
If you know the address of another database on the server hard disk
ACCESS can also be queried across databases, but does not know the address, so this does not matter
And (select count (*) from c: autoexec. bat. c)> 0
Why can I use this sentence to determine whether the disk has access permissions ,,
As we all know, c: autoexec. bat is the system's own file, no matter which system has
WINDOWS is installed on drive C by default. If you cannot find the file, you can
Try other disks ~~~
Now we submit: and (select count (*) from c: autoexec. bat. c)> 0
See it] The unrecognized database format is c: AUTOEXEC. BAT.
Error message, which indicates that disk C has access permission ,,
Because AUTOEXEC is read. BAT treats autoexec. bat as an mdb database.
So the following error message appears,
Now let's use the uploaded horse to see it.
Oh, you have access permissions for drive C ~~~~ Otherwise, the system prompts
C: autoexec. bat has been opened in another way, or you are not authorized to access it.
A prompt like this means you have no access permission.
However, autoexec. bat can be tested .. For example, c: winntsystem32cmd.exe
The original files of these systems can be used for testing.
Hey. Okay, that's it ~~~~~
Not much ,,