Web side-note intrusion detection full use manual

The first step: Find the site of the injection point

Injection point shape such as: http://www.xxxxxxx.com/abc.asp?id=2

1. Can directly click on the link in the site, if the link address is the form above, directly fill in the Injection Point text box

2. Can also use the software "injection point detection", in the Injection Point detection window and then click the "Connect" button, the software will automatically search this site suspicious injection point, but the detection is not absolutely can inject. can also be in the Injection Point detection window open Baidu or Google, in which the keyword search for vulnerabilities, such as in the search box input: inurl:news.asp?id=

The detected injection point appears in the following list in the side-note detection form, a menu appears when you click on the injection point in the list, and the injection point is automatically added to the Injection Point text box in the main window when you tap in the selection menu.

Step two: Detect the injection point

Click on the "Start Injection detection" button, the pop-up dialog box will tell you whether the injection detection success or failure, if the test failed to exchange a point of injection, if the detection of success to enter the next step

The third step: guess the table name, guess the name of the list, guess the content of the solution

Click the "Guess the table name" button to wait to guess the result, guess the solution is finished, if you guessed the table name, then select a table name, click "Guess the list name", the general situation can guess out two column name, one is the administrator account is a password, choose to guess the name of the list, click "Guess Solution", in the bottom of the text box appear guess solution result, If the password length is 16 bits or 32, is likely to be encrypted with MD5 results, at this time need to open MD5 crack site will MD5 ciphertext back, have cracked the possibility of failure.

Fourth step: Scan the background landing address

Click the "Scan background Address" button, pop-up Scan background window, click "Start scanning" can be. The existing page appears in the following list. Click on the address in the list will pop up a menu, choose "Open", and finally, of course, the landing backstage!

Note: Should first scan the background, if the scan does not go to the background landing address, even if the account and password is useless.