´ÓWordPress´íÎóÈÕÖ¾Àï·¢ÏÖSQL×¢ÈëÉ¨Ãè¹¥»÷

admin ·¢±íÓÚ 2013-1-11 21:23:34

[*]ÕâÆªÎÄÕÂ½éÉÜÁËµ±WordPress¿ªÆô´íÎó¼ÇÂ¼ÒÔºó£¬¸ù¾Ýerror_logÀ´·¢ÏÖSQL×¢Èë¹¥»÷µÄË¼Â·¡£

ÎüÒýCocoaµÄÊÇÕâ¸ö²©¿ÍÆäÊµÊÇTrustWave¹«Ë¾ÏÂÊôµÄÒ»¸ö½ÐSpiderlabÍÅ¶ÓµÄ¹Ù·½²©¿Í£¬Ã²ËÆ±È½ÏÓÐÒâË¼¡£ÀýÈçËüÌáµ½ÁËHoneypot AlertÕâ¸ö±êÇ©ÀïµÄÎÄÕÂ¶¼ÊÇ·ÖÎöËûÃÇÒ»¸öWebÃÛ¹ÞµÄApache access_logÈÕÖ¾µÄ¡£

¼òµ¥½éÉÜÒ»ÏÂÕâÆªÎÄÕÂ°É¡£

¿ªÆôWP´íÎó¼ÇÂ¼¹¦ÄÜ
Ö»ÐèÒªÐÞ¸Äwp-config.phpµÄÈçÏÂ¼¸ÐÐ£º

@ini_set('log_errors','On'); @ini_set('display_errors','Off'); @ini_set('error_log','/home/example.com/logs/php_error.log');SQL ×¢ÈëÉ¨Ãè

WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = -1\'' at line 1 for query SELECT text, author_id, date FROMWHERE id = -1\'
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 999999.9 UNION ALL SELECT 0x31303235343830303536--' at line 1 for query SELECT text, author_id, date FROMWHERE id = 999999.9 UNION ALL SELECT 0x31303235343830303536--
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 999999.9 UNION ALL SELECT 0x31303235343830303536,0x313032353438303035' at line 1 for query SELECT text, author_id, date FROMWHERE id = 999999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536--
ÉÏÃæµÄÈÕÖ¾¾ÍÊÇÔÚ±©Á¦²Â½â±íµÄÁÐÊý£¬ÄÇ¸ö¾Þ´óµÄÊ®Áù½øÖÆÖµ»á±»½âÎö³Énull¡£
SQLÃ¤×¢É¨Ãè
¹¥»÷ÕßÊ¹ÓÃÁËÀàËÆ"waitfor delay"ºÍ"benchmark"ÕâÑùµÄº¯ÊýÀ´Ã¤×¢¡£

WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = -1; if (1=1) waitfor delay \'00:00:05\'--' at line 1 for query SELECT text, author_id, date FROMWHERE id = -1; if (1=1) waitfor delay \'00:00:05\'--
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = -1 and if(1=1,BENCHMARK(8623333,MD5(0x41)),0)' at line 1 for query SELECT text, author_id, date FROMWHERE id = -1 and if(1=1,BENCHMARK(8623333,MD5(0x41)),0)
GoogleÒ»ÏÂ´ó¹æÄ£É¨Ãè



                           ½©Ê¬ÍøÂç¿ØÖÆ×Å¿ÉÄÜÊ¹ÓÃ±»¸ÐÈ¾Ö÷»úÀ´Ê¶±ðÇ±ÔÚµÄÄ¿±ê¡£ÏÂÃæÊÇ¸Ã¹«Ë¾µÄÃÛ¹Þ²¶»ñµ½µÄÒ»¸öRFI£¨Ô¶³ÌÎÄ¼þ°üº¬£©¹¥»÷´úÂëÀïµÄÆ¬¶Î£º
[*]sub google() { my @list; my $key = $_; for (my $i=0; $i<=400; $i+=10){ my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&filter=0&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href="\"?http:\/\/([^">\"]*)\//g) { if ($1 !~ /google/){ my $link = $1; my @grep = &links($link); push(@list,@grep);          }    } } return @list£»

Cocoa×Ü½á£ºÎÄÕÂ±È½Ï¼òµ¥£¬µ«ÊÇ´ÓÈÕÖ¾À´¼ì²â¹¥»÷Ã²ËÆÊÇÄ¿Ç°Á÷ÐÐµÄÒ»¸ö·½Ïò¡£

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

´ÓWordPress´íÎóÈÕÖ¾Àï·¢ÏÖSQL×¢ÈëÉ¨Ãè¹¥»÷