
Blog


October 23

Yahoo messenger

Yahoo messenger custom status messages
 
I keep reading that Yahoo Messenger custom status messages can only be deleted when you hit 5 messages, and then the oldest message will be deleted. Well, that's true, but you can manually delete them as well! Here's how:
 
  1. Click the start button
  2. Open run
  3. Type "regedit"
  4. Click ok

This will bring up the registry editor, within the registry editor you need to go to :

HKEY_CURRENT_USER\Software\Yahoo\pager\profiles\YOUR ID WILL BE HERE\Custom Msgs

There you will see your messages in the right-hand pane; just delete as you please. If you wish to delete all custom messages, just delete the whole registry key; it will be recreated when a new custom message is typed in YM.

October 12

Another on SQL Injection


 Concept:
 Every time you browse the internet to look at a web site there are many things going
 on in the background to bring you that site.  Most of the more sophisticated sites
 or services use DATABASES to store site content and what-not.  This content is
 accessed by SQL code that the site sends to its database server.  It is nothing more than a request for
 content.  But it is possible to change the normal request to one of your own design.
 This could allow you to get different information in the database than what you would
 normally have gotten.

 What is a SQL Injection:
 A SQL Injection is the manipulation of SQL code by inserting crafted commands
 into the variables of that SQL code.  This could potentially allow you to gain access
 to information that you would normally not have access to.

 How does it work:
 For demonstration purposes you can think of it working like this:  You have a site
 that allows you to enter text into an input box, like a login/password setup.  When
 you click Submit, your information is passed to another file that processes that
 information (like a .php or .asp file).  That file generates a line of SQL code and
 puts your information in it.  It then sends that SQL code to the database server,
 which replies with the corresponding information.  That page then processes that new
 information and sends the results back to you.
 To do a SQL Injection, you would write specially crafted SQL code in the Input
 Boxes of the site.  When you submit your malicious string to the next page, that
 page puts your code into the rest of the SQL statement.  If you crafted your string
 correctly the resulting SQL logic will be modified... and hopefully still be valid.

 Examples of Injection:
 You go to a site that prompts you for a User Name and Password.  You know that the
 User Name and Password are stored in a database.  Let's also say, for simplicity's
 sake, you have an idea of what the SQL statement looks like.
 Here is an example of such code:
   SELECT User.Message FROM User
   Where((User.Login = '$myLogin') AND ('$myPassword' = User.Password));
 As you can probably tell, this code will return a "Message" if the Login equals the
 correct User Name and Password equals the correct Password.
 $myLogin & $myPassword are the INPUT variables from the Text Boxes.
 So how do I do a SQL Injection on this?
 First, notice that your $myLogin is getting processed first.  That is where we will
 start.  What would happen if you let your User Name equal "') AND ('"?
   $myLogin = ') AND ('
 Your new SQL String would look like this:
   SELECT User.Message FROM User
   Where((User.Login = '') AND ('') AND ('$myPassword' = User.Password));
 OK, you might be getting the idea of how this all works now. But LOGIC tells us that
 the SQL statement we just created is not valid and will create an error, plus it
 doesn't do us any good at all!  Can you guess what we can put into $myLogin to make
 the SQL statement valid and logically bypass the need for a password at all!?!?
 Exploit:
   $myLogin = root') OR (User.Login = 'root
 Exploited SQL Code:
   SELECT User.Message FROM User
   Where((User.Login = 'root') OR (User.Login = 'root') AND ('$myPassword' = User.Password));
 Look at what we did here.  We let User.Login = root so we can get the Message that
 the root user would get.  We added an OR statement to logically relieve us from
 needing a valid $myPassword.
 
 Think of it like this:
  (login = root) or ((login = anything) and (password = anything))
 AND is evaluated before OR, so since (User.Login = 'root') is TRUE for the root
 row we get that user's Message even though the second part of that logical
 argument is FALSE.
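
The login query above, run as an added example that is not part of the original post: it uses Python's built-in sqlite3 module with constructed sample rows, and sends the page's login string first through the concatenated query and then through the same query with bound parameters. The table layout, passwords and function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User (Login TEXT, Password TEXT, Message TEXT)")
    db.executemany(
        "INSERT INTO User VALUES (?, ?, ?)",
        [("root", "s3cret-root", "root's message"),
         ("alice", "alice-pw", "alice's message")],
    )
    return db

def lookup_vulnerable(db, login, password):
    """The page's query, built by pasting input straight into the SQL text."""
    sql = (
        "SELECT User.Message FROM User "
        "WHERE ((User.Login = '" + login + "') "
        "AND ('" + password + "' = User.Password))"
    )
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, login, password):
    """Same query, but the input is bound as data and never parsed as SQL."""
    sql = (
        "SELECT User.Message FROM User "
        "WHERE ((User.Login = ?) AND (? = User.Password))"
    )
    return [row[0] for row in db.execute(sql, (login, password))]

# The $myLogin string shown on the page.
PAYLOAD = "root') OR (User.Login = 'root"

if __name__ == "__main__":
    db = make_db()
    # Wrong password, ordinary login: no row comes back.
    print(lookup_vulnerable(db, "root", "wrong"))
    # Wrong password, page's login string: the OR branch matches root's row.
    print(lookup_vulnerable(db, PAYLOAD, "wrong"))
    # Bound parameters: the string is compared literally, so nothing matches.
    print(lookup_parameterized(db, PAYLOAD, "wrong"))
    # A legitimate login still works with bound parameters.
    print(lookup_parameterized(db, "root", "s3cret-root"))
```

With bound parameters the quote and parenthesis characters never reach the SQL parser, so the WHERE clause keeps the shape the programmer wrote.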

 SQL Injections on unknown SQL Code:
 Most of the time you will not be able to see the SQL code that the .php or .asp files
 create.  Due to insecure programming habits, you might be able to get it to show
 you the SQL though.  And obtaining partial SQL code is possible by inserting invalid
 strings in most cases.  But no matter what, a good understanding of SQL code is needed
 to attempt SQL Injections.  Most vulnerable code can also be exploited by a lot
 of trial and error.
 