
SRC mining ideas and methods

2022-07-06 13:48:00 One call yyds

Recently I have noticed that many people who are new to penetration testing do not know how vulnerability hunting actually works in practice, so I decided to write up some of my own hunting tips.

For beginners I recommend starting on the Vulnerability Box SRC platform, because its scope is wide: any domestic site is accepted. Compared with other SRC platforms it is very beginner-friendly.

In vulnerability hunting, information gathering is what matters most.

I will explain with a few real-world cases.

First, let's talk about Google search syntax!!!

The searches below can also be done with cyberspace search engines such as fofa, ZoomEye and shodan, or through a Google mirror.

# SQL injection hunting basically follows this routine

  1. Look for vulnerabilities using basic Google syntax such as site: and inurl:.

  2. Find a site, click around its pages, and look for its injection point.

  3. If no injection point is found, do more information gathering.

  4. Then the usual sequence of operations follows.

Open a Google mirror and enter our Google syntax: site:.com company

This returns company-related domain names ending in .com; the word "company" after the operator narrows the results to company sites.

Google syntax, searched through the Google browser: site:.com inurl:php?id=22 company

Here we add php?id=22 because the core of an injection point is a parameter being passed, so searching for parameters makes it easier to find vulnerabilities.

  Now we find a website to test.


  First we enter a single quote ' and see that the page changes.

This means the single quote we entered was executed and produced an error, so there is a high chance of SQL injection.

  Next we use and 1=1 and and 1=2 to verify whether the vulnerability exists.

Here with and 1=1 the page is normal, but with and 1=2 the page is still echoed normally, so we verify further.

  We keep trying SQL statement functions and conclude that we are being blocked by the site's firewall.

I did not bypass the site's firewall; I casually tried the inline comment method here and it executed. Bypassing firewalls is too cumbersome, and I will write more about it later. For beginners, if you hit a firewall you can simply move on.

Below we find another site. Entering a single quote ' causes a page exception; we then enter and 1=1 | and 1=2 and find that 1=2 is abnormal.

This indicates that the function we entered was executed by the database: there is SQL injection.


  The vulnerability has been tested; next let's see whether we can verify it. Moving on to SQL statements, we use order by 11 | order by 12.

With order by 11 the page is normal and with order by 12 the page is abnormal (so there are 11 fields).
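Why the probes above change the page, and why the fix is not a filter: the following is an added example (not code from the original post) that puts the "before" pattern, a parameter concatenated into the query string, beside the parameterized "after" form. It uses an in-memory SQLite table with 11 columns, constructed here to match the walkthrough, and classifies each probe's outcome as rows, empty or error, so you can see the quote, the and 1=2 and the order by 12 probes each produce the observable difference on the vulnerable version and nothing on the hardened one. Table name, column names and sample row are assumptions.

```python
import sqlite3

# Constructed schema, not from the original post: one INTEGER id plus ten
# TEXT columns, i.e. 11 fields, so "order by 11" works and "order by 12" fails.
TEXT_COLUMNS = ["title", "body", "author", "created", "updated",
                "views", "likes", "category", "status", "tags"]

# The probes described in the walkthrough, applied to id=22.
PROBES = ["22", "22'", "22 and 1=1", "22 and 1=2",
          "22 order by 11", "22 order by 12"]


def make_db():
    """Create the constructed sample table in memory and insert one article."""
    conn = sqlite3.connect(":memory:")
    cols = "id INTEGER, " + ", ".join(c + " TEXT" for c in TEXT_COLUMNS)
    conn.execute(f"CREATE TABLE articles ({cols})")
    conn.execute("INSERT INTO articles VALUES (" + ",".join("?" * 11) + ")",
                 (22, "hello", "text", "me", "2022-07-06", "2022-07-06",
                  "1", "0", "news", "published", "src"))
    conn.commit()
    return conn


def lookup_vulnerable(conn, id_param):
    """Before: the request parameter is pasted into the SQL text.
    Whatever the visitor typed is parsed as SQL, so a probe can change
    the WHERE clause or break the statement and surface an error."""
    sql = f"SELECT * FROM articles WHERE id={id_param}"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None  # the "page exception" the walkthrough observes


def lookup_hardened(conn, id_param):
    """After: the parameter is bound with a placeholder. The driver sends it
    as a value, never as SQL, so probes simply match no row."""
    try:
        return conn.execute("SELECT * FROM articles WHERE id=?",
                            (id_param,)).fetchall()
    except sqlite3.Error:
        return None


def classify(rows):
    """Map a query result onto what a visitor sees on the page."""
    if rows is None:
        return "error"
    return "rows" if rows else "empty"


def run_probes(lookup):
    """Run every probe through the given lookup and report the outcomes."""
    conn = make_db()
    return {p: classify(lookup(conn, p)) for p in PROBES}


if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(name)
        for probe, outcome in run_probes(fn).items():
            print(f"  {probe!r:20} -> {outcome}")
```

The hardened version differs from the vulnerable one only in how the parameter reaches the database, which is the point: an application that binds parameters does not need a blocklist of probe strings, and a WAF in front of the vulnerable version (the "firewall" in the walkthrough) only hides the symptom. In a real handler you would additionally validate that id is an integer before the query runs.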


  Then we use further SQL statements and find that it is a Boolean-based blind injection. Querying data through Boolean blind injection is tedious, so we just hand it to sqlmap.

 sqlmap command: python sqlmap.py -u <target URL> --dbs (enumerate the database names). Finally the database names are obtained.


  Hunting is that easy. There are still plenty of SQL injections out there; if you run into a WAF, those with ideas can try to bypass it.
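Every step of the walkthrough above leaves a trace in the web server's access log: the quote probe, the and 1=2 comparison, the order by counting, and sqlmap's default User-Agent string, which names the tool. The following is an added example (not from the original post) of a small log scanner a site owner could run to spot that sequence. The log lines are constructed to mirror the probes in the post; the log format is the common Apache combined format, and the rule names are my own.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (combined format), not real traffic.
# They replay the probe sequence from the walkthrough against /news.php?id=.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jul/2022:13:48:00 +0800] "GET /news.php?id=22 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jul/2022:13:48:07 +0800] "GET /news.php?id=22%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jul/2022:13:48:15 +0800] "GET /news.php?id=22+and+1%3D2 HTTP/1.1" 200 801 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jul/2022:13:48:31 +0800] "GET /news.php?id=22+order+by+12 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jul/2022:13:49:02 +0800] "GET /news.php?id=22 HTTP/1.1" 200 5120 "-" "sqlmap/1.6 (https://sqlmap.org)"
198.51.100.9 - - [06/Jul/2022:13:50:00 +0800] "GET /news.php?id=23 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
"""

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Patterns matched against each *decoded* query-string value. Decoding first
# matters: the quote arrives as %27 and the equals sign as %3D.
RULES = [
    ("quote-after-number", re.compile(r"^\d+\s*'")),
    ("boolean-tautology", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
]


def scan_line(line):
    """Return a list of findings for one log line (empty if nothing matched)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    ua = m["ua"]
    if "sqlmap" in ua.lower():  # the tool's default User-Agent identifies it
        findings.append({"ip": m["ip"], "rule": "scanner-user-agent",
                         "param": None, "value": ua, "status": m["status"]})
    query = urlsplit(m["target"]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                findings.append({"ip": m["ip"], "rule": rule, "param": name,
                                 "value": value, "status": m["status"]})
    return findings


def scan_log(text):
    """Scan a whole log text and return all findings in order of appearance."""
    return [f for line in text.splitlines() if line.strip() for f in scan_line(line)]


def by_source(findings):
    """Count findings per client IP; one address producing several distinct
    rules within minutes is the hunting sequence the post describes."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ip']:14} {h['rule']:20} {h['param']!s:5} {h['value']!r} (HTTP {h['status']})")
    print(by_source(hits))
```

The status column is worth keeping in the output: a 500 on the quote probe followed by a 200 on the tautology is exactly the "page exception, then page normal" pair the post relies on, and is the signal that the parameter is worth fixing regardless of whether anyone reported it.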

# XSS vulnerabilities

Generally, check whether the site you found has a message board and try blind XSS there. A single XSS is usually rated medium risk. Build the xss statement directly: <script>alert(1)</script>, paste it into the input box, and if it pops up, submit it straight to the SRC platform.

XSS: message boards in general!!!
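A message board is a stored-XSS target precisely because it echoes visitor text back into HTML unchanged. The following is an added example (not code from the original post) that renders a constructed message board two ways: the vulnerable way, where the probe from the post lands in the page as live markup, and the hardened way, where every HTML-significant character is escaped so the browser shows the probe as text. The board markup, the sample messages and the header constant are assumptions.

```python
import html

# The probe string quoted in the post.
PROBE = "<script>alert(1)</script>"

# Constructed message-board entries, not from the original post.
MESSAGES = ["Nice site!", PROBE, 'He said "hi" & left']


def render_message_vulnerable(message):
    """Before: the visitor's text is dropped into the HTML unchanged,
    so any markup inside it becomes part of the page."""
    return f'<li class="msg">{message}</li>'


def render_message_hardened(message):
    """After: html.escape turns & < > " ' into entities, so the browser
    renders the probe as literal characters instead of executing it.
    quote=True also makes the output safe inside a quoted attribute."""
    return f'<li class="msg">{html.escape(message, quote=True)}</li>'


def render_board(messages, renderer):
    """Assemble the whole board from one renderer (vulnerable or hardened)."""
    items = "\n".join(renderer(m) for m in messages)
    return f'<ul id="board">\n{items}\n</ul>'


def survives_as_markup(page, probe):
    """Check used by the test: does the raw probe still appear in the page
    as live markup (i.e. unescaped)?"""
    return probe in page


# Defence in depth, independent of escaping: with this response header a
# browser refuses to run inline scripts even if one slips through somewhere.
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'")


if __name__ == "__main__":
    print(render_board(MESSAGES, render_message_vulnerable))
    print()
    print(render_board(MESSAGES, render_message_hardened))
    print()
    print(f"{CSP_HEADER[0]}: {CSP_HEADER[1]}")
```

Escaping is context-specific: html.escape is the right tool for text nodes and quoted attributes, but a value placed inside a script block, a URL or a CSS rule needs that context's own encoding, which is why template engines that auto-escape per context are preferable to hand-written concatenation.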


# Weak password vulnerability mining

  Weak password Google syntax: inurl:admin/login.php company

This finds the admin back ends of many companies.

Once at the login page you can use tools to brute-force weak passwords in batches, such as admin/111111, and you can also look through the JS code to see whether an account password is present.

  You can use an existing weak-password brute-force tool or build your own; there are many such tools, so I won't go into detail.

Some CAPTCHAs are merely decorative, and some do not change when you capture and replay the request.
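The three weaknesses this section trades on are a weak password being accepted in the first place, unlimited guesses, and a CAPTCHA that is either not checked or can be replayed with the captured request. The following is an added example (not from the original post) of a minimal login service that closes all three: it rejects denylisted or short passwords at registration, consumes each CAPTCHA token on first use so a replayed request fails, and locks the account after a fixed number of consecutive failures. The class, denylist, threshold and password hashing parameters are assumptions; the walkthrough function replays the post's admin/111111 scenario against it.

```python
import hashlib
import hmac
import os
import secrets

# Constructed short denylist for illustration; a real deployment would use a
# large breached-password list. "111111" is the guess quoted in the post.
WEAK_PASSWORDS = {"111111", "123456", "admin", "password", "admin123"}
MAX_FAILURES = 5          # consecutive failures before the account locks
PBKDF2_ROUNDS = 100_000   # password hashing cost (assumption)


def password_is_weak(password):
    """True when the password is on the denylist or too short to matter."""
    return password.lower() in WEAK_PASSWORDS or len(password) < 8


class LoginService:
    def __init__(self):
        self.users = {}      # username -> (salt, pbkdf2 hash)
        self.failures = {}   # username -> consecutive failed attempts
        self.captchas = {}   # token -> expected answer, removed on first use

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        if password_is_weak(password):
            raise ValueError("weak password rejected")
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def issue_captcha(self):
        """Hand out a one-time token plus its answer (the answer stands in for
        the text a real CAPTCHA image would show the visitor)."""
        token = secrets.token_hex(8)
        answer = secrets.token_hex(2)
        self.captchas[token] = answer
        return token, answer

    def login(self, username, password, captcha_token, captcha_answer):
        # 1. Consume the CAPTCHA before anything else. A replayed request carries
        #    a token that has already been popped, so it fails here.
        expected = self.captchas.pop(captcha_token, None)
        if expected is None or not hmac.compare_digest(expected, captcha_answer):
            return "captcha_invalid"
        # 2. A locked account refuses before the password is even examined.
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return "locked"
        # 3. Unknown users and wrong passwords get the same answer, so the
        #    login form does not reveal which usernames exist.
        record = self.users.get(username)
        if record is not None:
            salt, stored = record
            if hmac.compare_digest(stored, self._hash(password, salt)):
                self.failures[username] = 0
                return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


def walkthrough():
    """Replay the post's scenario against the service; returns the outcomes."""
    svc = LoginService()
    out = {"weak_rejected": password_is_weak("111111")}
    svc.register("admin", "Correct-Horse-42")   # constructed strong password
    tok, ans = svc.issue_captcha()
    out["first_login"] = svc.login("admin", "Correct-Horse-42", tok, ans)
    out["replayed_captcha"] = svc.login("admin", "Correct-Horse-42", tok, ans)
    for _ in range(MAX_FAILURES):                # batch guessing admin/111111
        tok, ans = svc.issue_captcha()
        out["last_guess"] = svc.login("admin", "111111", tok, ans)
    tok, ans = svc.issue_captcha()
    out["after_lockout"] = svc.login("admin", "Correct-Horse-42", tok, ans)
    return out


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step:18} {result}")
```

A lockout keyed only on the username can itself be abused to lock legitimate users out, so production systems usually combine a per-account counter with per-source rate limiting and a temporary rather than permanent lock; the single-use CAPTCHA token is the part that directly addresses the replay observation in the post.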

These are the vulnerability types I recommend for SRC hunting. I wish you all a place on the leaderboard soon!!!


Original site

Copyright notice
This article was written by [One call yyds]; please include the original link when reposting. Thank you.
https://yzsam.com/2022/187/202207060917007718.html