最近在研究代码审计,便去chinaz 找了个人气比较高的 cms,本文适合我等刚入门滴人士
Ue批量查了一下源码 整个系统都在注入 注入
额,单引号啊,还需要绕过,开gpc就惨了,然而,发现这个伟大的cms,竟然自动去除gpc …
// 去除Magic_Quotes
if(get_magic_quotes_gpc()) // Maybe would be removed in php6
{
function stripslashes_deep($value)5{
$value = is_array($value) ? array_map('stripslashes_deep', $value) : (isset($value) ? stripslashes($value) : null);
return $value;
}
$_POST = stripslashes_deep($_POST);
$_GET = stripslashes_deep($_GET);
11$_COOKIE = stripslashes_deep($_COOKIE);
}
前台开始注射
http://127.0.0.1/coder/alpaca/index.php/page/18/
对应的sql语句为
select count(*) as a from `elem` where 1 and rel_id&#