tag:blogger.com,1999:blog-15395501018893672952012-02-01T14:41:48.030-08:00sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.comBlogger231100tag:blogger.com,1999:blog-1539550101889367295.post-62254834608176052982007-09-19T04:55:00.000-07:002007-09-19T05:02:13.663-07:00<a name="_system_tables"></a>System Tables (T-SQL)<br />The information used by Microsoft® SQL Server™ and its components are stored in special tables known as system tables.<br />Note System tables should not be altered directly by any user. For example, do not attempt to modify system tables with DELETE, UPDATE, or INSERT statements, or user-defined triggers.<br />Applications should not be written to query the system tables directly. Applications should instead use any of these components to retrieve information stored in the system tables:<br />Information schema views<br />System stored procedures<br />Transact-SQL statements and functions<br />SQL-DMO<br />Database application programming interfaces (API) catalog functions<br />These components constitute a published API for obtaining system information from SQL Server. Microsoft maintains the compatibility of these components from release to release. The format of the system tables is dependent upon the internal architecture of SQL Server and may change from release to release. Therefore, applications that directly access the system tables may have to be changed before they can access a later version of SQL Server.<br />System Tables in the master Database Only<br />These tables store server-level system information.<br /><a href="http://doc.ddart.net/mssql/sql70/sys-a_2.htm">sysaltfiles</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-d_2.htm">sysdevices</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-o_1.htm">sysoledbusers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c.htm">syscacheobjects</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-l.htm">syslanguages</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-p.htm">sysperfinfo</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_2.htm">syscharsets</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-l_1.htm">syslockinfo</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-p_2.htm">sysprocesses</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_5.htm">sysconfigures</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-l_2.htm">syslogins</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-r_1.htm">sysremotelogins</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_7.htm">syscurconfigs</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_6.htm">sysmessages</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-s.htm">sysservers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-d.htm">sysdatabases</a><br /><br /><br />System Tables in Every Database<br />These tables store database-level system information for each database.<br /><a href="http://doc.ddart.net/mssql/sql70/sys-a_1.htm">sysallocations</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-f.htm">sysfiles</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-o.htm">sysobjects</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_3.htm">syscolumns</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-f_2.htm">sysforeignkeys</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-p_1.htm">syspermissions</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_4.htm">syscomments</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-f_3.htm">sysfulltextcatalogs</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-p_3.htm">sysprotects</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_6.htm">sysconstraints</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-i.htm">sysindexes</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-r.htm">sysreferences</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-d_1.htm">sysdepends</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-i_1.htm">sysindexkeys</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-t_4.htm">systypes</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-f_1.htm">sysfilegroups</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m.htm">sysmembers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-u.htm">sysusers</a><br />SQL Server Agent Tables in the msdb Database<br />These tables store information used by SQL Server Agent.<br /><a href="http://doc.ddart.net/mssql/sql70/sys-a.htm">sysalerts</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-j_1.htm">sysjobschedules</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-t.htm">systargetservergroupmembers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-c_1.htm">syscategories</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-j_3.htm">sysjobservers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-t_1.htm">systargetservergroups</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-d_3.htm">sysdownloadlist</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-j_4.htm">sysjobsteps</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-t_2.htm">systargetservers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-j.htm">sysjobhistory</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-n.htm">sysnotifications</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-t_3.htm">systaskids</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-j_2.htm">sysjobs</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-o_2.htm">sysoperators</a><br /><br />Tables in the msdb Database<br />These tables store information used by database backup and restore operations.<br /><a href="http://doc.ddart.net/mssql/sql70/sys_00_1.htm">backupfile</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys_00_4.htm">backupset</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_35.htm">restorefilegroup</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys_00_2.htm">backupmediafamily</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_34.htm">restorefile</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_36.htm">restorehistory</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys_00_3.htm">backupmediaset</a><br /><br /><br />Tables Used to Store Replication Information<br />These tables are used by replication and stored in the master database.<br /><a href="http://doc.ddart.net/mssql/sql70/sys-a_3.htm">sysarticles</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-p_4.htm">syspublications</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-s.htm">sysservers</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-d.htm">sysdatabases</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-r_2.htm">sysreplicationalerts</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-s_1.htm">syssubscriptions</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-o.htm">sysobjects</a><br /><br /><br />These tables are used by replication and stored in the distribution database.<br /><a href="http://doc.ddart.net/mssql/sql70/ms-table.htm">MSagent_parameters</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_10.htm">MSmerge_agents</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_25.htm">Msrepl_originators</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_1.htm">MSagent_profiles</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_14.htm">MSmerge_history</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_26.htm">MSrepl_transactions</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_2.htm">MSarticles</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_16.htm">MSmerge_subscriptions</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_27.htm">MSrepl_version</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_3.htm">MSdistpublishers</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_18.htm">MSpublication_access</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_28.htm">MSsnapshot_agents</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_4.htm">MSdistributiondbs</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_19.htm">Mspublications</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_29.htm">MSsnapshot_history</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_5.htm">MSdistribution_agents</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_20.htm">Mspublisher_databases</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_30.htm">MSsubscriber_info</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_6.htm">MSdistribution_history</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_21.htm">MSreplication_objects</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_31.htm">MSsubscriber_schedule</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_7.htm">MSdistributor</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_22.htm">MSreplication_subscriptions</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_32.htm">MSsubscriptions</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_8.htm">MSlogreader_agents</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_23.htm">MSrepl_commands</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_33.htm">MSsubscription_properties</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_9.htm">MSlogreader_history</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_24.htm">MSrepl_errors</a><br /><br />These tables are used by replication and stored in the user’s database.<br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_11.htm">MSmerge_contents</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_17.htm">MSmerge_tombstone</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_3.htm">sysmergeschemachange</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_12.htm">MSmerge_delete_conflicts</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-a_4.htm">sysarticleupdates</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_4.htm">sysmergesubscriptions</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_13.htm">MSmerge_genhistory</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_1.htm">sysmergearticles</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_5.htm">sysmergesubsetfilters</a><br /><a href="http://doc.ddart.net/mssql/sql70/ms-table_15.htm">MSmerge_replinfo</a><br /><a href="http://doc.ddart.net/mssql/sql70/sys-m_2.htm">sysmergepublications</a><br /><br /><br /><a href="http://doc.ddart.net/mssql/sql70/8_gs_00_8.htm">(c) 1988-98 Microsoft Corporation. All Rights Reserved. </a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-6225483460817605298?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-11085976075931935492007-09-14T22:58:00.000-07:002007-09-14T23:01:16.141-07:00<embed src="https://s3.amazonaws.com/slideshare/ssplayer.swf?id=78443&amp;doc=advanced-topics-on-sql-injection-protection4056" type="application/x-shockwave-flash" height="500" width="500"></embed><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-1108597607593193549?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-35390401929313539672007-09-07T00:01:00.000-07:002007-09-07T00:07:00.886-07:00Bugün Ferruh Mavituna'nın günlüğünü okurken oradan onun başka bir yazısına geçtim. Nasa sistemine giren hacker ile ilgili yazısı şurada:<a href="http://ferruh.mavituna.com/makale/nasa-hacker-i-ile-roportaj">http://ferruh.mavituna.com/makale/nasa-hacker-i-ile-roportaj</a><br />Ama benim o hacker'dan çok vurgulamak istediğim yazıdaki şurası:<br /><br /><blockquote><p align="left">...<br />Zincir ve zayıf halka teorisinin kuralının en büyük örneklerinden biri<br />olsa gerek. <strong><span style="font-size:130%;">Eğer yeterince sistemi tararsanız açık<br />bulabilirsiniz. </span></strong>Zamanında yahoo' da benzer bir şekilde<br />normalde internette hiç bir yerde bağlantısı olmayan bir iç proxy ile<br />hacklenmişti.<br />...</p></blockquote><br /><br /><br />Bence açık bulmak için çok doğru ve yeterli bir yöntem, yeteri kadar sistemi taramak<br /><blockquote><br /></blockquote><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-3539040192931353967?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-32243819584515921092007-09-04T00:06:00.001-07:002007-09-04T00:09:34.900-07:00<a href="http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners">http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners</a><br />--------------------------------------------------------------<br /><br /><a title="Top 15 free SQL Injection Scanners" href="http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners" rel="bookmark">Top 15 free SQL Injection Scanners</a><br />Friday, 18 May 2007 - 15:05 EST <a title="View all posts in Tools" href="http://www.security-hacks.com/category/tools/" rel="category tag">Tools</a>, <a title="View all posts in Web Security" href="http://www.security-hacks.com/category/web-security/" rel="category tag">Web Security</a>, <a title="View all posts in Network" href="http://www.security-hacks.com/category/network/" rel="category tag">Network</a><br />While the adoption of web applications for conducting online business has enabled companies to connect seamlessly with their customers, it has also exposed a number of security concerns stemming from improper coding. Vulnerabilities in web applications allow hackers to gain direct and public access to sensitive information (e.g. personal data, login credentials).<br />Web applications allow visitors to submit and retrieve data to/from a database over the Internet. Databases are the heart of most web applications. They hold data needed for web applications to deliver specific content to visitors and provide information to customers, suppliers etc.<a id="more-53"></a><br />SQL Injection is perhaps the most common web-application hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. The vulnerability is presented when user input is incorrectly sanitized and thereby executed.<br />Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do it is by using automated SQL Injection Scanners. We’ve compiled a list of free SQL Injection Scanners we believe will be of a value to both web application developers and professional security auditors.<br />SQLIer - SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all. <a href="http://bcable.net/project.php?sqlier" target="_blank">Get SQLIer</a>.<br />SQLbftools - SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack. <a href="http://www.reversing.org/node/view/11" target="_blank">Get SQLbftools</a>.<br />SQL Injection Brute-forcer - SQLibf is a tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application. <a href="http://www.open-labs.org/sqlibf19beta1.tar.gz" target="_blank">Get SQLLibf</a>.<br />SQLBrute - SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries. <a href="http://www.justinclarke.com/security/sqlbrute.py" target="_blank">Get SQLBrute</a>.<br />BobCat - BobCat is a tool to aid an auditor in taking full advantage of SQL injection vulnerabilities. It is based on <a href="http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf" target="_blank">AppSecInc</a> research. It can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to. <a href="http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html" target="_blank">Get BobCat</a>.<br />SQLMap - SQLMap is an automatic blind SQL injection tool, developed in python, capable to perform an active database management system fingerprint, enumerate entire remote databases and much more. The aim of SQLMap is to implement a fully functional database management system tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. <a href="http://sqlmap.sourceforge.net/" target="_blank">Get SQLMap</a>.<br />Absinthe - Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. <a href="http://www.0x90.org/releases/absinthe/download.php" target="_blank">Get Absinthe</a>.<br />SQL Injection Pen-testing Tool - The SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in web-applications. <a href="http://sqltool.itdefence.ru/indexeng.html" target="_blank">Get SQL Injection Pen-testing tool</a>.<br />SQID - SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. <a href="http://sqid.rubyforge.org/" target="_blank">Get SQID</a>.<br />Blind SQL Injection Perl Tool - bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection. <a href="http://www.unsec.net/download/bsqlbf.pl" target="_blank">Get Blind SQL Injection Perl Tool</a>.<br />SQL Power Injection Injector - SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads. <a href="http://www.sqlpowerinjector.com/" target="_blank">Get SQL Power Injection</a>.<br />FJ-Injector Framwork - FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. <a href="http://sourceforge.net/project/showfiles.php?group_id=183841" target="_blank">Get FJ-Injector Framework</a>.<br />SQLNinja - SQLNinja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end database. <a href="http://sqlninja.sourceforge.net/" target="_blank">Get SQLNinja</a>.<br />Automagic SQL Injector - The Automagic SQL Injector is an automated SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned. <a href="http://www.indianz.ch/tools/attack/automagic.zip" target="_blank">Get Automagic SQL Injector</a>.<br />NGSS SQL Injector - NGSS SQL Injector exploit vulnerabilities in SQL injection on disparate database servers to gain access to stored data. It currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. <a href="http://www.indianz.ch/tools/attack/sqlinjector.zip" target="_blank">Get NGSS SQL Injector</a>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-3224381958451592109?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-27409384357513051382007-08-03T13:38:00.000-07:002007-09-03T03:34:07.831-07:00<p>HTML 4.01 supports the ISO 8859-1 (Latin-1) character set.</p><br /><p>The lower part of ISO-8859-1 (codes from 0-127) is the<br /><a href="http://www.w3schools.com/tags/ref_ascii.asp">original 7-BIT ASCII<br />standard</a>. </p><p>Most of these characters can be used without a character reference.</p><br /><p>The higher part of ISO-8859-1 (codes from 160-255) can all be used using<br />character entity names.</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-2740938435751305138?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-47713877726659078122007-07-19T07:56:00.000-07:002007-07-19T08:15:48.401-07:00Sitelerdeki sql sızma açıklarını bulmak hiç de zor değil. Kendinizi sql, mssql, mysql ya da herhangi bir veritabanı konusunda geliştirmek için ihtiyacanız olan deneme tahtalarını bulmak hiç zor değil.<br />Google'dan arama yaparak rahatlıklar bulabilirsiniz.<br /><br />Benim denediğim yöntemle, özellikle toplu açıkları bulanabilir.<br /><br />Google'da "online alışveriş çözümleri", "eticare çözümleri", "kurumsal web sitesi" kelime gruplarını arattırırsanız. Web tasarımı yapan, ticari web sitesi paketleri, alışveriş sitesi paketleri sunan biçok siteyle karşılacaksınız. Bu sitelerin referans bölümlerinden yaptıkları sitelere ulaşabilir. Referans sitedeki bağlantıları deneyerek açklar bulanabilir.<br /><br />Ben sql/sızma/injection konusunda fazla tecrübeli olmamama rağmen google'da arattırdeğım birçok sitede açık bulabildim. Bu açıklar o kadar kötü açıklardı ki sitedeki ürünlerin fiyatlarını bile değiştirebiliyordum.<br /><br />Aklınızdan herkes artık önlemini alıyor diye geçirebilirsiniz. Fakat yanılıyorsunuz. Bu siteleri yapanlar da sonuçta insan. Bir sitenin en az 10 tane sayfası oluyor. Bunların alt sayfaları eklentileri derken, hepsindeki sorguları, ifadeleri denetimden geçirmek kolay değil. Genellikle üye giriş sayfalarındaki formlarda süzme işlevleri kullanırlar. Fakat www.xxx.com/haber/resim.asp?resimid?=145 gibi bir sayfada "resimid" değerini süzmek ile uğraşmazlar. Çünkü bu bir resimin bağlantısıdır. Zaten javascript ile bir pencerede gösteriliyordur ve adresi görünmüyordur. Böyle küçük hatalarla - hata demeyelim önlem almamak- büyük açıklar oluşabiliyor.<br /><br />Bir işyerinin referanslarının birinde açık bulduysanız, bu demektir ki onlarca sitenin açığını bulmuşsunuz. Diğer referans sitelerin bir yerinde illaki bir açık vardır.<br /><span style="font-size:180%;"><br /></span><span style="font-weight: bold;"><span style="font-size:180%;"><span style="font-style: italic;">İnsan bu, "Beşer şaşar".</span><br /></span><span style="font-weight: bold;"><span style="font-size:130%;"><br /><span style="font-family: lucida grande;">Ama dikkat edilmelidir ki bu referans siteler ticari kurumların siteleridir ve içindeki bilgilerin, sahibinden izinsiz olarak ele geçirilmesi suçtur. Hırsızlık kapsamına girer. Siteki bilgilerin değiştirilmesi, silinmesi - örneğin bir ürünün fiyatının değiştirilmesi- o firmanın adresine gidip, ürünlerini kırmaktan farksızdır.</span><br /><br /><span style="font-family: lucida grande;">Sql konusunda, denemelerinizi yaparken dikkatli olun. Evden vs. giriyorsanız yakalanma olasılığınız yüksektir. Dikkatli olun!</span></span><br /></span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-4771387772665907812?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-64642849186896886792007-07-19T05:55:00.000-07:002007-09-04T00:15:52.699-07:00<a href="http://www.driverara.org/sorudetay.asp?id=4715%27" 1="'1;--">http://www.driverara.org/sorudetay.asp?id=4715%27 having 1=1;--</a><br /><br /><p><span style="font-family:Arial;font-size:85%;"></span></p><blockquote><p><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for SQL Server</span> <span style="font-family:Arial;font-size:85%;">error '80040e14'</span> </p><p><span style="font-family:Arial;font-size:85%;">Column 'soru.cat' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.</span> </p><p><span style="font-family:Arial;font-size:85%;">/sorudetay.asp</span><span style="font-family:Arial;font-size:85%;">, line 72</span> </p></blockquote><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-6464284918689688679?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-12563803580699079942007-07-19T05:26:00.000-07:002007-07-19T05:28:00.388-07:00<a href="http://www.prc.gov/dockets.asp?ID=R2006-1%27">http://www.prc.gov/dockets.asp?ID=R2006-1'</a><br /><br /><span style="font-weight: bold; font-style: italic;">Sunucu:Oracle</span><br /><span style="font-weight: bold;">Hata:<br /><br /></span><p style="font-weight: bold;"><span style="font-family:Arial;font-size:85%;"></span></p><blockquote><p><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for ODBC Drivers</span> <span style="font-family:Arial;font-size:85%;">error '80004005'</span> </p><p> <span style="font-family:Arial;font-size:85%;">[Oracle][ODBC][Ora]ORA-01756: quoted string not properly terminated </span> </p><p> <span style="font-family:Arial;font-size:85%;">/dockets.asp</span><span style="font-family:Arial;font-size:85%;">, line 41</span></p></blockquote><p style="font-weight: bold;"><span style="font-family:Arial;font-size:85%;"></span> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-1256380358069907994?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-87046720024107864332007-07-19T04:54:00.000-07:002007-07-19T05:02:30.349-07:00<a href="http://www.trb.org/news/blurb_detail.asp?id=2326%27">http://www.trb.org/news/blurb_detail.asp?id=2326'</a><br /><br /><p><span style="font-family:Arial;font-size:85%;"></span></p><blockquote><p><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for SQL Server</span> <span style="font-family:Arial;font-size:85%;">error '80040e14'</span> </p><p> <span style="font-family:Arial;font-size:85%;">Line 1: Incorrect syntax near ',','.</span> </p><p> <span style="font-family:Arial;font-size:85%;">/news/blurb_detail.asp</span><span style="font-family:Arial;font-size:85%;">, line 24</span></p></blockquote><br />Sql sızma denemeleri...<br />Sql injection<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-8704672002410786433?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-12409561434369103872007-07-19T04:48:00.000-07:002007-07-19T04:54:14.434-07:00<span style="font-weight: bold;">id=25013 having 1=1</span><br /><a href="http://www.aiim.org/standards.asp?id=25013%20having%201=1">http://www.aiim.org/standards.asp?id=25013%20having%201=</a><a href="http://www.aiim.org/standards.asp?id=25013%20having%201=1">1</a><br /><br /><p><span style="font-family:Arial;font-size:85%;"></span></p><blockquote><p><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for ODBC Drivers</span> <span style="font-family:Arial;font-size:85%;">error '80040e14'</span> </p><p> <span style="font-family:Arial;font-size:85%;">[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'vwwebarticles.ProductID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.</span> </p><p> <span style="font-family:Arial;font-size:85%;">/GetArticle.asp</span><span style="font-family:Arial;font-size:85%;">, line 101</span></p></blockquote><p><span style="font-family:Arial;font-size:85%;"></span> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-1240956143436910387?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-21297275303143470392007-07-17T09:01:00.000-07:002007-07-17T09:52:33.488-07:00<span style="font-weight: bold;">Adres: </span>http://www.xxx.com/default.asp?id=15 having 1=1;--<br /><br /><span style="font-weight: bold;">Hata:<br /></span><p><span style=";font-family:Arial;font-size:85%;" ></span></p><blockquote><p><span style=";font-family:Arial;font-size:85%;" >Microsoft OLE DB Provider for SQL Server</span> <span style=";font-family:Arial;font-size:85%;" >error '80040e07'</span> </p><p> <span style=";font-family:Arial;font-size:85%;" >Syntax error converting the varchar value '15 having 1=1;--' to a column of data type int.</span> </p><p> <span style=";font-family:Arial;font-size:85%;" >/default.asp</span><span style=";font-family:Arial;font-size:85%;" >, line 61</span> </p></blockquote><span style="font-weight: bold;">Çözüm:<br /></span><span style="font-family:georgia;">http://www.xxx.com/default.asp?id=15</span><span style="font-weight: bold;font-family:georgia;" >' having 1=1;--<br /><br />Kaynak:<a href="http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=243810&SiteID=1">http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=243810&amp;SiteID=1</a><br />Alıntı:<br /></span><blockquote><span style="font-weight: bold;font-family:georgia;" ><br />- </span><span id="_ctl0_MainContent_PostFlatView" style="font-family:georgia;"><span class="txt5"><span id="_ctl0_MainContent_PostFlatView__ctl0_PostRepeater__ctl0_Subject" style="font-weight: bold;">Syntax error converting the varchar value 'a' to a column of data type int<br /><br /></span></span></span><span id="_ctl0_MainContent_PostFlatView" style="font-family:georgia;"><span><p>I have a table(<strong>tab1</strong>) with a column(<strong>col1</strong>) of type varchar. I insert a row with an integer value(<strong>1</strong>). And when i query the table using the sql, <strong>select col1 from tab1 where col1 = 1</strong>, it works fine. </p> <p>But after i insert a varchar, say '<strong>a</strong>' and then do the same query, i get an error message saying, "Syntax error converting the varchar value 'a' to a column of data type int.". Why is this so? Please reply.</p><p><span id="_ctl0_MainContent_PostFlatView"><span>- Try <span id="_ctl0_MainContent_PostFlatView"><span><strong>select col1 from tab1 where col1 = '1'<br /></strong></span></span> The ' around the 1 tells SQL server it is comparing the charater 1 not the number 1 </span></span></p> </span> </span><span id="_ctl0_MainContent_PostFlatView"><span class="txt5"><span id="_ctl0_MainContent_PostFlatView__ctl0_PostRepeater__ctl0_Subject" style="font-weight: bold;"></span> </span></span><br /></blockquote><span style="font-weight: bold;"><br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-2129727530314347039?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-20588075726210310572007-07-15T06:19:00.000-07:002007-07-19T04:48:04.318-07:00<a href="http://www.google.com.tr/search?q=inurl:%22asp?id=%22">http://www.google.com.tr/search?q=inurl:"asp?id="</a><br /><br />Arama kutusuna<span style="font-weight: bold;"> <a href="http://www.google.com.tr/search?q=inurl:%22asp?id=%22">inurl:"asp?id=" </a></span>veya <span style="font-weight: bold;"><a href="http://www.google.com.tr/search?q=inurl:%22php?id=%22">inurl:"php?id="</a> </span>vs. anahtar ifadeleriyle kendiniz için bir test ortamı sunacak site bulabilirsiniz.<br />Tabi sitenin sahibinin bu testi sunduğundan haberi olmayacak başka<br /><br /><a style="font-weight: bold;" href="http://www.google.com.tr/search?hl=tr&q=inurl%3A%22asp%3F%25id%25%3D0..999999">inurl:"asp?%id%=0..999999"</a><br /><a href="http://www.google.com.tr/search?hl=tr&amp;q=inurl%3A%22asp%3F%25id%25%3D0..999999">http://www.google.com.tr/search?hl=tr&q=inurl%3A%22asp%3F%25id%25%3D0..999999</a><br /><span style="font-weight: bold;"></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-2058807572621031057?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-66079551356438292362007-07-15T06:15:00.000-07:002007-07-15T06:18:43.981-07:00http://www.hayatiminhatasi.com<br />Üye giriş ekranında bariz hata var. Biraz kurcaladıktan sonra site sahibine ve üyelerine iletmek gerekli :D<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-6607955135643829236?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-18350364462834165242007-07-15T06:12:00.000-07:002007-07-15T06:14:52.085-07:00<span style="font-weight: bold;font-size:130%;" ></span><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for ODBC Drivers</span> <span style="font-family:Arial;font-size:85%;">error '80040e14'</span><p> </p><p> <span style="font-family:Arial;font-size:85%;">[MySQL][ODBC 3.51 Driver][mysqld-4.0.23a]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1</span> </p><p> <span style="font-family:Arial;font-size:85%;">/inc_sayac.asp</span><span style="font-family:Arial;font-size:85%;">, line 33</span> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-1835036446283416524?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-74930622127952175752007-07-15T06:00:00.001-07:002007-07-19T09:52:50.225-07:00<span style="font-weight: bold;font-size:130%;" ><a href="http://www.cnbce.com/dizi.asp?ID=3%20having%201=1">http://www.cnbce.com/dizi.asp?ID=3 having 1=1</a><br /></span><p><span style="font-family:Arial;font-size:85%;"></span></p><blockquote><p><span style="font-family:Arial;font-size:85%;">Microsoft OLE DB Provider for SQL Server</span> <span style="font-family:Arial;font-size:85%;">error '80040e14'</span> </p><p> <span style="font-family:Arial;font-size:85%;">Column 'Serials.SerialID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.</span> </p><p> <span style="font-family:Arial;font-size:85%;">/dizi.asp</span><span style="font-family:Arial;font-size:85%;">, line 13</span></p></blockquote><p><span style="font-family:Arial;font-size:85%;"></span> </p><br /><span style=";font-family:Arial;font-size:85%;" ><br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-7493062212795217575?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-33696983972269680552007-07-15T05:48:00.000-07:002007-07-15T05:49:38.456-07:00<span style="font-weight: bold;font-size:130%;" >http://www.teknodijital.com/asp<br />/listgroup.asp?group=<br /><br />(union)<br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-3369698397226968055?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-17977192520309227512007-07-15T05:45:00.001-07:002007-07-15T05:45:30.470-07:00<span style="font-size:130%;"><span style="font-weight: bold;">http://www.stokburada.com/</span><br /><span style="font-weight: bold;">index.php?k_id=</span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-1797719252030922751?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com1tag:blogger.com,1999:blog-1539550101889367295.post-91934670904594354792007-07-15T05:40:00.001-07:002007-07-15T05:42:16.991-07:00<span style="font-weight: bold;font-size:130%;" >http://www.alisverissiteleri.net/<br />siteler.asp?kategori=</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-9193467090459435479?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-28647213876036456302007-07-15T05:03:00.000-07:002007-07-15T05:15:40.722-07:00<div style="text-align: left;"><span style="font-size:100%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://addons.mozilla.org/en-US/firefox/addon/3899"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 235px; height: 141px;" src="https://addons.mozilla.org/en-US/firefox/images/addon_preview/3899/1" alt="" border="0" /></a></span><span style="font-size:100%;"><span style="font-weight: bold;">HackBar bir firefox eklentisi, sql ile sitelere sızarken, sizi site adresiyle boşlukları kaldırmaktan, gerekli fonksiyonları aramaktan vs. kurtarıyor. Çok kullanışlı bir eklenti<br /><a href="https://addons.mozilla.org/en-US/firefox/addon/3899">Bu adresten inceleyebilirsiniz ve indirebilirsiniz.</a><br /><br /></span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-2864721387603645630?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-87578663250077546082007-07-15T04:52:00.001-07:002007-07-15T05:18:02.436-07:00<span style="font-weight: bold;font-size:130%;" >http://www.alisverissiteleri.net/<br />alisveris.asp?sid=</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-8757866325007754608?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-5247099869784219622007-07-15T04:36:00.000-07:002007-07-19T09:48:43.212-07:00Bu firefox eklentisi çok işe yarıyor: Cookie silmek, düzenlemek, javascripti, meta redirecti engellemek, form detayları, gizli öğeler...<br />Sayfanın içini dışını gösteriyor düğmeleriyle size.<br />Ben <a href="http://ferruh.mavituna.com/makale/firefox-eklentileri/">http://ferruh.mavituna.com/makale/firefox-eklentileri/</a> Ferruh Mavituna'nın günlüğünde görmüştüm. Kullandım işe yarıyor.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-524709986978421962?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-77223954776132663232007-07-15T04:22:00.000-07:002007-07-15T05:18:42.277-07:00<span style="font-weight: bold;">"http://www.sicakhikaye.com/<br />kategori.asp?id="</span><br /><br />Site bir "porno hikaye" sitesi. En baştan söyleyeim işim olmaz nu sitelerle. Fakat asp kullanmış. Açığı belli artık nasıl oynarsanız. id= yerine yaza yaza sızacaksınız artık...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-7722395477613266323?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0tag:blogger.com,1999:blog-1539550101889367295.post-86249890907597879972007-07-15T04:16:00.000-07:002007-07-15T04:21:37.725-07:00Sql ile uğraşırken google'da arama yapıp, açığı olan siteleri yayınlıyorum. Gerçek hayatta sitelerde hala açıklar var. Bir çeşit canlı deneme ortamı oluşturuyoeum. Siz de bu günlükten yaralanıp, sitelerde kendinizi sınayabilirsiniz sql ile sızma konusunda.<br /><br />En baştan söyleyeyim bu siteleri test amaçlı bulup yazıyorum. Oyun parkı gibi bir şey yani...<br /><br />Siteler üstünde dilediğinizi yapmakta serbestsiniz. Sonuçların tüm sorumluluğu, sitelere sızma girişiminde bulunan arkadaşlarındır. Bu siteleri yayınlayan ben de değil.<br /><br />Hadi Eyvallah,<br />Kolay gelsin.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1539550101889367295-8624989090759787997?l=sqlinject.blogspot.com' alt='' /></div>sql injectionhttp://www.blogger.com/profile/04352566823640857875noreply@blogger.com0