1.
Http://jingyan.baidu.com/article/4d58d541ce04ae9dd4e9c0f9.html
2.
ASP Web page is afraid of injecting loopholes, especially the older enterprise website, many have injected loopholes, how to use AH D injection tool to detect ASP site injection vulnerability?
Ah. The D injection tool is an injection tool primarily for SQL, developed by Pengdang and uses multithreading technology to scan injection points in a very short time. Users do not need to go through too much learning to be able to operate very skillfully. And the software comes with some other tools that can provide great convenience to the user.
Tools/Materials
Ah, the D injection tool.
DSQLTools.exe MD5 Value: 1ed52a69d99a0a5b1232c2a0f85013e6
Hash1.04 (MD5 Check tool) Green free version: http://www.xiazaiba.com/html/358.html
Use must-read!
- 1
Because the official software has stopped downloading, so can only be downloaded in the major software stations, but this software is a large part of the malicious bundle of backdoor Trojan, so, for security purposes, after downloading this software, do not run, first with the MD5 verification tool check MD5 value is the same as Ah D published. Tools and MD5 values are already available in the tools above.
END
How to check the MD5 value?
- 1
Open the hash software, drag DSQLTools.exe into the hash software, you can display the Dsqltools MD5 value
Determine the MD5 value of DSQLTools.exe: 1ed52a69d99a0a5b1232c2a0f85013e6 is correct, you can run DSQLTools.exe to open the software.
END
How to use the D injection tool to detect injection vulnerabilities?
Run DSQLTools.exe to open the software
(All anti-virus software will be reported poison, so please turn off the antivirus software, as long as the previous step to check the MD5 value Yes, there is no virus back door)
Click on the "Scan injection point" function on the left of the software, enter the address of the website to be detected in the Address bar, click the Detect button after the address bar.
Below the software will show the detection of the current page injection point, if the homepage does not, you can change other pages, you can click on the page to enter the other pages, click into the site of the various columns, to see whether the page has injected points. If you click on all pages and the connection does not have an injection point, there may not be a common injection vulnerability on your site.
If the detection has an injection point, you can select an injection point, right-click to select "Injection detection" to detect whether the injection is available
Go to the Injection detection page, click the "Detect" button, wait for the bottom left corner to show the detection is complete, and then click "Detect the Table segment"
Here has detected the account password related to the table segment, the general preferred "admin" or "administratior" or user and other administrator account sensitive characters. After the detection is complete, check the password field and select the detection content. will be able to detect the administrator's login account password!
What's the use? d Injection tool detects ASP site injection vulnerabilities