Posted on 02-08-2009
Blind SQL Injection – tahminleme yöntemi
Filed Under (Security) by admin

Tablo adları

$tahminiTablolar=array('kullanici','kullanicilar','uye','uyeler','users','user','admin','ident','adminlog','members','member','eq_users','tb_users','tbl_user','login','logging','nuke_users','admins','group_members',
'phpbb_users','administrator','admin_log','pass_admin','wp_users','accounts','adminlogin',
'auth','authenticate','authentication','account','customers','config','conf','cfg','sb_host_admin',
'WebAdmin','super','administrateurs','webmaster','webmasters','webuser','userinfo','userlist','sysadmins',
'manager','memberlist','logs','login','customer','edit','editor','administration','accounts','cms_admin','cms_admins',
'cms_user','cms_users','xoops_users','vbulletin_user','vb_user','user_login','user_logins','user_admin','tb_member',
'tb_members','tb_administrator','tb_login','tb_user','sysadmin','smf_members','smallnuke_members','site_logins','site_login',
'sitelogin','siteslogins','punbb_users','poll_user','phpBB2.phpbb_users','phpBB2.forum_users','phpbb_users','phorum_user',
'nuke_users','nuke_authors','mybb_users','mysql.user','login_admin','login_admins','login_user','login_users','jos_users',
'jos_joomblog_users','ipb.ibf_members','ibf_members','forum.ibf_members','fusion_users','e107_user','e107.e107_user','dbadmins','cpg132_users','chat_users','article_admin','Administratoren','administrieren','4images_users');

Kolonlar

$tahminiKolonlar=array(
'id','uid','userid','username','cst','user','pseudo','pw','pass','sifre','parola','kod','password','uname','login','login_user','memeber_pass','memberpwd',
'login_pass','login_name','userpassword','userpw','userpwd,','member_pwd','memberpw','user_name','name','usr','adminname','admin','adminpass','adminpassword','passwd','adminpasswd','pwd','script','user_login','user_pass','login_passwort','usrname','usrpass',
'usr_pass','userpass','user_password','administrator','usrpw','adminpwd','adminpw','userPassword','Userlogin','Administratorzy',
'Administrator','pWord','passer','Passw','membres','membername','wp_users','usrs','usrnam','usrname','usrn','usernm','useradmin',
'user_usrnm','user_usernm','user_pword','user_pwrd','user_pwd','user_passw','user_email','user_admin','pwrd','pword','psw','passw',
'pass_word','pass_hash','p_word','memlogin','mempassword','members','membername','memberid','member_name','member_id','mem_pwd','mem_password','mem_passwd','mem_pass','mem_login','mail','md5hash','logins','login_username','login_user','login_pwd','auth',
'adminuserid','adminuser','adminemail','admin_userid','admin_user','admin_pwd','admin_password','admin_passwd','admin_pass',
'admin_name','account','accounts','sb_admin_name','sb_pwd');

SQL bindirme açığı bulduğunuz sistemler üzerinde tablo adı veya kolon adı tahminlemesi hedefe ulaşmak için kritik role sahip olabiliyor. Yukarıdaki listede kullanılan tablolar çoğunlukla işe yarar. Tablo adı ve kolon tahminlemesi için html kodlarında kullanılan form ve girdi isimleride yine dikkate değer.

(0) Comments    Read More   

Post a Comment
Name:
Email:
Website:
Comments: