INSERT INTO 注入构造UPDATE求助 (WOOYUN)

  • A+
所属分类:WooYun-Zone

苦咖啡 INSERT INTO 注入构造UPDATE求助  (WOOYUN) | 2015-09-30 18:02

注入某网站  发现insert into存在注入   已经爆出了管理员账号和密码  但是。。。。悲剧的发现解密不开,构造了几次update都发现失败了。。。。   求大牛帮助

可控变量  hack-sql-test  加入单引号报错

Database Query Error Info:

Invalid SQL: INSERT INTO test_guest (guestip, browser, lang, created, isonline, isbanned, serverid, fromurl) VALUES ('127.0.0.1', 'Chrome 42.0.2311.152', '1', '1443607129', 0, 0, '6', 'hack-sql-test'')

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''hack-sql-test'')' at line 1
Error No:
File: /enter.php

分享到: