Perform a simple injection using ice dance 2.5.

Chapter Author: fuer
Source: evil gossip Security Team

Preface:
For a long time, I want to mix it up here, because the ice blood is here :)
I want to post a post, but I found that my permissions can only be posted here. It is depressing.

I have seen several injection-related articles on the forum, such as the bbsxp injection vulnerability. So I also come to get an injection-related article. Just use the recently discovered injection technology to inject new players to ice dance 2.5.
: Http://www.20nt.net/down/shirley2.5.rar

Start
Find a website with a vulnerability (Use and = 1 and = 2 to determine if it is easy to use)
Http: // xxxxxx/product/data. asp? Id = 241 (vulnerable address style)
Add and 1 = 1 (http: // xxxxxx/product/data. asp? Id = 241 and 1 = 1)
Press enter. The content does not seem to change.
Add and 1 = 2 (http: // xxxxxx/product/data. asp? Id = 241 and 1 = 2)
No relevant records are displayed. If the pop-up ID number is incorrect or the pop-up or other denial prompts are displayed, the vulnerability is no longer displayed (I understand this)

Open ice dance below (I don't even have the permission to upload attachments. I'm dizzy, and I can't come up with a graphic explanation)
Click Script Injection
The target address is the vulnerability address we just found.
Http: // xxxxxx/product/data. asp? Id = 241
Keyword. I really don't want to explain it. It's just the table that appears in the database on the missing hole page (so vague, please forgive me for my poor expression ability ), cainiao only need to copy the release time or title displayed on the page (as few as possible, generally one to three or four bytes is enough)

Click "probe Vulnerability" after entering the automatically entered items. Most of the information returned is the vulnerability and database type (provided that you have detected the vulnerability with and 1 = 1 and 1 = 2)

The next step is the automatic brute-force database.
Wait ......
If none exists, all its data information is exposed. Now click Start injection.
Wait ......
Check whether the returned information shows the management account name and password. Now, even if there are vulnerable programs, most of them have already used MD5 encryption, and there are many decryption methods. I will not introduce them one by one, of course, whether the decryption is successful depends on the complexity of the password and the dictionary strength in your hands.

Now we are on the detection background.
Click detection background on the left
Go to the detection page and paste the address that may exist in the background
For example, the above is http: // xxxxxx/product/
Remember to add/after the address
After waiting for the test results, I personally feel that many background addresses of the program are now suffixed with html. However, by default, this is not enough to recognize asp, but we can add it by ourselves, do you need to teach me this?
After logging on to the system, you can use the upload program to find a Trojan.

This post is only used for injection of knowledge exchange. It does not mean that you are engaged in damages. It reminds some programmers that they have not done enough in terms of security. This post is for cainiao and cainiao-level friends to learn, intrude into the website using conventional injection methods.
I am too mentally retarded to express myself. If you cannot understand it, please point out that I should try to make it clear.