How to simply get the database of the target site.doc

Published: 2017-07-24, about 14,400 characters, 13 pages
SQL injection has been around for a long time. The point of looking for an injection bug is simply to get at what is in the database, such as usernames and passwords (with an MSSQL database, it can also be used to gain access). Wouldn't it be better if we could get the entire database without injection? Database path disclosure has therefore become a simpler means of intrusion than injection. Experts often mention disclosure methods in their intrusion articles, but mostly in passing, and where one particular method is covered, the discussion stays with that method. A recent article revisiting the use of %5c summarizes database path disclosure to some extent and has circulated widely on the Internet. But it still does not explain the principle, and its conclusions are based only on experience rather than on principle, so I decided to discuss the principles and rules of database path disclosure.

1. About the %5c database path disclosure method

This method is considered a well-worn one and was popular for a while (as more people learned of it, defenses were tightened, and it is not as effective as before). Put simply: when you open a web page, change the / in the address to %5c and submit it, and the path of the database is disclosed. In fact, it does not work on every address. The page address needs the form asp?id= (which indicates that the page calls the database). If you have confirmed that the page calls the database, the address does not have to end that way; chklogin.asp, for example, also works. (Of course, there are other conditions, too.)

For example, take

6/yddown/view.asp?id=3

Replace the second / with %5c:

6/yddown%5cview.asp?id=3

Submitting it gives the following result:

Microsoft JET Database Engine error
D:\111\admin\rds_dbd32rfd213fg.MDB is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
/yddown/conn.asp, (note: this is a website of the black defense lab, which is deli
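
Added example, not part of the original article: a log check a site operator can run to spot the %5c substitution described above. It assumes access logs in combined log format that record the raw request line, and that the JET error page is served with HTTP status 500; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines (documentation IP ranges), not taken from the article.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jul/2017:10:00:01 +0000] "GET /yddown/view.asp?id=3 HTTP/1.1" 200 5120
198.51.100.7 - - [24/Jul/2017:10:00:05 +0000] "GET /yddown%5cview.asp?id=3 HTTP/1.1" 500 312
198.51.100.7 - - [24/Jul/2017:10:00:09 +0000] "GET /yddown%255Cchklogin.asp HTTP/1.1" 500 312
192.0.2.44 - - [24/Jul/2017:10:01:00 +0000] "GET /search.asp?q=a%5cb HTTP/1.1" 200 901
"""

# Assumed layout: client, two ignored fields, [time], "METHOD target PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %255c also becomes a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_backslash_paths(log_text):
    """Return (client, raw_target, status) for requests whose URL path holds a backslash."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, status = m.groups()
        raw_path = urlsplit(target).path  # path only; a %5c in the query string is ordinary data
        if "\\" in decode_fully(raw_path):
            hits.append((client, target, int(status)))
    return hits

def likely_disclosures(hits):
    """Keep hits answered with 500 (assumption: the error page was returned to the client)."""
    return [h for h in hits if h[2] == 500]
```

Any hit returned by likely_disclosures means the database file named in the error should be treated as exposed: move or rename it and replace detailed ASP error pages with a generic one.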