Привет всем ! Вот ломаю сайт магазина.. Вырыл инфу думаю очень полезную..но сам прикол я не очень знаком с БД и SQL .. думаю поможете до конца атаку провести.. ======================================== <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%> <% Response.ExpiresAbsolute = now()-2 Response.Addheader "pragma","no-cache" Response.Addheader "cache-control","private" Response.Cachecontrol="no-cache" %> <!--#include file="Connections/ORADB.asp" --> <% Dim Recordset1 Dim Recordset1_numRows if Request.QueryString("EMAIL") > "" then Set Recordset1 = Server.CreateObject("ADODB.Recordset") Recordset1.ActiveConnection = MM_ORADB_STRING Recordset1.Source = "SELECT PROGRESSIVO, PASSWD FROM BRAINCS.SOGGETTI WHERE EMAIL='"&Request.QueryString("EMAIL")&"'" Recordset1.CursorType = 0 Recordset1.CursorLocation = 2 Recordset1.LockType = 3 Recordset1.Open() Recordset1_numRows = 0 End if %> <% ' *** Recordset Stats, Move To Record, and Go To Record: declare stats variables ' set the record count Recordset1_total = Recordset1.RecordCount ' set the number of rows displayed on this page If (Recordset1_numRows < 0) Then Recordset1_numRows = Recordset1_total Elseif (Recordset1_numRows = 0) Then Recordset1_numRows = 1 End If ' set the first and last displayed record Recordset1_first = 1 Recordset1_last = Recordset1_first + Recordset1_numRows - 1 ' if we have the correct record count, check the other stats If (Recordset1_total <> -1) Then If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total If (Recordset1_numRows > Recordset1_total) Then Recordset1_numRows = Recordset1_total End If %> <% ' *** Recordset Stats: if we don't know the record count, manually count them If (Recordset1_total = -1) Then ' count the total records by iterating through the recordset Recordset1_total=0 While (Not Recordset1.EOF) Recordset1_total = Recordset1_total + 1 Recordset1.MoveNext Wend ' reset the cursor to the beginning If (Recordset1.CursorType > 0) Then Recordset1.MoveFirst Else Recordset1.Requery End If ' set the number of rows displayed on this page If (Recordset1_numRows < 0 Or Recordset1_numRows > Recordset1_total) Then Recordset1_numRows = Recordset1_total End If ' set the first and last displayed record Recordset1_first = 1 Recordset1_last = Recordset1_first + Recordset1_numRows - 1 If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total End If %> <html> <head> <title>Ricerca password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> <%if(Recordset1_total)=1 then if Request.QueryString("REGISTRAZIONE")=1 then HTML = HTML&"Ecco i tuoi dati per accedere a www.SAMPLE.it:<br>" else HTML = HTML&"Cerca password su www.SAMPLE.it<br>" end if HTML = HTML&"<br>Utente: "&(Recordset1.Fields.Item("PROGRESSIVO").Value) HTML = HTML&"<br>Password: "&(Recordset1.Fields.Item("PASSWD").Value) if Request.QueryString("REGISTRAZIONE")=1 then ogg = "Registrazione su www.SAMPLE.it" red = "../../generic_home.htm?SID="&request.QueryString("SID")&Request.Form("SID")&"&ID=251" else ogg = "Cerca Password su www.SAMPLE.it" red = "../../generic_home.htm?SID="&request.QueryString("SID")&Request.Form("SID")&"&ID=225" End if Dim objMail Set objMail = CreateObject("CDONTS.NewMail") objMail.From = "[email protected]" objMail.To = Request.QueryString("EMAIL") objMail.Bcc = "[email protected], [email protected]" objMail.Subject = ogg objMail.BodyFormat = 0 objMail.MailFormat = 0 objMail.Body = HTML objMail.Send response.redirect(red) else if (Recordset1_total)=0 AND Request.QueryString("REGISTRAZIONE")=1 then %> <script language="JavaScript"> document.location="../../generic_home.htm?SID=<%=request.QueryString("SID")&Request.Form("SID")%>&ID=284" </script> <% end if if(Recordset1_total)=0 AND Request.QueryString("REGISTRAZIONE")<>1 then %> <script language="JavaScript"> document.location="../../generic_home.htm?SID=<%=request.QueryString("SID")&Request.Form("SID")%>&ID=226" </script> <% End if if(Recordset1_total)>1 then %> <script language="JavaScript"> document.location="../../generic_home.htm?SID=<%=request.QueryString("SID")&Request.Form("SID")%>&ID=283" </script> <% End if End if %> <br> </body> </html> <% Recordset1.Close() %> ======================================= помогите кто разбираеться..
Connections/ORADB.asp - судя по названию, здесь хранится пароль от БД... причём БД помоему oracle. Также если найдёшь SQL-inj, ты уже знаешь название полей...
