sql注入"Slep“
sql注入"Slep“
提问于 2020-04-19 12:20:15
如何确定ip地址或url地址日志?我在mysql慢速查询中有这个。
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 11:12:39
# User@Host: root[root] @ localhost []
# Query_time: 51.904912 Lock_time: 0.000103 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587287559;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 11:43:06
# User@Host: root[root] @ localhost []
# Query_time: 973.189006 Lock_time: 0.000097 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587289386;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 11:59:27
# User@Host: root[root] @ localhost []
# Query_time: 144.803710 Lock_time: 0.000022 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587290367;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 12:21:58
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 590.385342 Lock_time: 0.000102 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587291718;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 12:27:31
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 18.139393 Lock_time: 0.000039 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587292051;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 12:51:08
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 530.583547 Lock_time: 0.000022 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587293468;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 12:58:07
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 43.678108 Lock_time: 0.000078 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587293887;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 13:13:41
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 72.950484 Lock_time: 0.000083 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587294821;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 13:26:14
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 45.907777 Lock_time: 0.000025 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587295574;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 13:48:59
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 1106.049268 Lock_time: 0.000077 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587296939;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 13:56:32
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 338.521235 Lock_time: 0.000076 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587297392;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 14:06:26
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 321.585240 Lock_time: 0.000103 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587297986;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
# Time: 200419 14:12:51
# User@Host: nutecredinstare[nutecredinstare] @ localhost []
# Query_time: 83.491684 Lock_time: 0.000038 Rows_sent: 0 Rows_examined: 0
use lastfiles;
SET timestamp=1587298371;
SELECT id,name,descr,filename,size,category,seeders,leechers,added FROM torrents WHERE category IN (25 AnD SlEeP(3000)) AND visible='yes' ORDER BY added DESC LIMIT 15;
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
/usr/sbin/mysqld, Version: 5.5.62-0ubuntu0.14.04.1-log ((Ubuntu)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument回答 1
Server Fault用户
回答已采纳
发布于 2020-04-19 15:17:23
找到你的。
找到“内插”的位置来构建一个ids列表。
黑客对你很好--他表明你的弱点是一种相对无害的方式。
他可能正在构建一个URL,它从表单中提供了一个"id“,但是它显示了
... &id=25+AnD+SlEeP(3000) ...那你就是在做
$query = "SELECT ... " + $_GET['id'] + ...而不是转义或绑定。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1013033
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号