细说暴库的道理与方法(国外英文资料).docVIP

细说暴库的原理与方法(国外英文资料) Talk about the principles and methods of the mob SQL injection has been around for a long time, and were looking for bugs to get things in the database, such as username and password. (of course, the MSSQL database is also available for access). Wouldnt it be nice if we could get the entire database without injecting it? The mob became a more simple intrusion than an injection. About BaoKu method, experts often raise in the invasion of the article, but many are one has brought, some just talk a certain way, also is more methods were discussed. A recent article in the use of the % 5c is a summary of the mob, so it is widely circulated in the Internet. But still there is no principle, and the conclusion is just that experience, rather than that, is a decision to talk about the principles and laws of the mob. One, about the % 5c mob: This approach is known as a flash mob, and it has been popular for a while (and as you know more people, your defenses are strengthened, not as effective as before). This is a simple way of saying that when you open a web page, change the / in the address to % 5c and submit it, and then you can break the path of the database. In fact, not all sites are effective, it is necessary to asp? Id = this page address (for the behavior of the call database), if you confirm the web database have a call, behind can not so, for example chklogin. Asp can also. (of course, there are other conditions, too.) Let me give you an example, _blank _blank 6/yddown%5cview.asp? Id = 3 Change the second / to % 5c _blank _blank 6/yddown%5cview.asp? Id = 3 The following results will be submitted as follows: Microsoft JET Database Engine errorD: 111adminrds_dbd32rfd213fg.mdb is not a valid path. Determine whether the path name is spelled correctly and whether it is connected to the server where the file is stored. / yddown/conn. Asp, (note: this is a website, black against the laboratory BaoKu is they deliberately open, because its m