php injection 3_PHP tutorial
Three: Some injection techniques, many of which are personal discoveries
1. Union select techniques
UNION is used to combine the results of multiple SELECT statements into a result set. The columns listed in the select_expression part of the SELECT must be of the same type. The column names used in the first SELECT query will be returned as the column names of the result set.
However, we can use the following method to guess the column types, which saves a lot of time.
Let's first request:
http://localhost/down/index.php?url=&dlid=1%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
Figure 24
Notice that the software description shows 3 and the author shows 4, so we can guess that positions 3 and 4 are character type. Now look at the download count: it shows 14, and that column should be an int type, right?
Okay, let's build on this. The username and password columns are presumably character types as well.
Try it out:
http://localhost/down/index.php?url=&dlid=1%20and%201=2%20union%20select%201,2,password,4,username,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%20dl_users
As shown in Figure 25
Haha, you can probably work out this method just by looking at it.
2. Tips for reading and writing files with load_file
Have you ever noticed that when we use load_file() to read a php file, its contents do not show up on the web page? For example:
C:/apache/htdocs/site/lib/sql.inc.php converted to hexadecimal: 0x433A2F6170616368652F6874646F63732F736974652F6C69622F73716C2E696E632E706870
We construct the request as follows:
http://localhost/site/display.php?id=451%20and%201=2%20union%20select%201,2,load_file(0x433A2F6170616368652F6874646F63732F736974652F6C69622F73716C2E696E632E706870),4,5,6,7,8,9,10,11
As shown in Figure 26
The contents of sql.inc.php should be displayed in the article body, but it is empty. Why?
Let's take a look at the page source first.
Figure 27
Haha, look at the marked place. That confused me for a moment, but it turns out the file is right there. So why didn't it show?
It turns out that the browser treats anything between < and > in HTML as a tag rather than text, so the file's contents are swallowed by the renderer. Now you understand! Remember to look in the page source next time.
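Both techniques above, the UNION column guessing on dlid and the load_file read on id, work only because the page splices the numeric parameter straight into the SQL text. The following is an added example, not code from this tutorial or from the sites it describes, showing that pattern next to a hardened lookup that validates the parameter as an integer and binds it through a PDO prepared statement; the table and column names (dl_files, id, name, description, author, downloads) and the connection details are assumptions.

```php
<?php
// Added example (not from the tutorial): hardening the dlid lookup.
// Assumed schema: table dl_files with columns id, name, description, author, downloads.

// Vulnerable pattern: user input is spliced straight into the SQL text,
// so dlid=1 and 1=2 union select ... rewrites the whole query.
function getDownloadVulnerable(mysqli $db, string $dlid): ?array
{
    $sql = "SELECT id, name, description, author, downloads FROM dl_files WHERE id = $dlid";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    $row = $result->fetch_assoc();
    return $row ?: null;
}

// Hardened version: validate the type first, then bind the value so the
// database receives it as data, never as part of the statement.
function getDownloadSafe(PDO $db, string $dlid): ?array
{
    // dlid must be a positive integer; reject anything else up front.
    $id = filter_var($dlid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT id, name, description, author, downloads FROM dl_files WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (host, credentials and database name are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=site', 'user', 'pass', [
//     PDO::ATTR_EMULATE_PREPARES => false,        // real server-side prepares
//     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface errors instead of silently failing
// ]);
// $row = getDownloadSafe($pdo, $_GET['dlid'] ?? '');
```

For the load_file case specifically, MySQL only allows load_file() for accounts holding the FILE privilege and further restricts it through secure_file_priv, so the account a web application connects with should not be granted FILE.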