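Posting requires logging in. The page hints that the account is zhangwei and the password is zhangweixxx, so I brute-forced it right away and got the password zhangwei666:
Then I made a post, hoping to find an SQL injection point, but I just could not find one, so I looked through the source code and found a key hint in the console:
The hint pointed to a .git source leak, and Yujian (御剑) also found /.git. I used githacker to look at the code:
I could not see anything in it. Then I remembered that the earlier hint said a commit was missing, so it had to be restored. This involves git repair; here is a repair script from an expert: git repair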
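An added example, not the repair script referenced above and not code from the original post: it shows why a commit that no branch points to any more is still recoverable from an exposed .git directory, by listing every loose commit object and subtracting those reachable from HEAD. The function names and the sample repository are constructed for illustration; it assumes loose objects only (no packfiles) and that the HEAD hash is passed in by the caller.

```python
import hashlib, os, tempfile, zlib

def write_object(git_dir, kind, body):
    """Store a loose object as git does: zlib("<kind> <len>\\0" + body), named by SHA-1."""
    raw = f"{kind} {len(body)}".encode() + b"\0" + body
    sha = hashlib.sha1(raw).hexdigest()
    os.makedirs(os.path.join(git_dir, "objects", sha[:2]), exist_ok=True)
    with open(os.path.join(git_dir, "objects", sha[:2], sha[2:]), "wb") as f:
        f.write(zlib.compress(raw))
    return sha

def all_commits(git_dir):
    """Map every loose commit object to the list of its parent hashes."""
    commits, root = {}, os.path.join(git_dir, "objects")
    for d in os.listdir(root):
        if len(d) != 2:            # skip pack/ and info/
            continue
        for name in os.listdir(os.path.join(root, d)):
            with open(os.path.join(root, d, name), "rb") as f:
                header, body = zlib.decompress(f.read()).split(b"\0", 1)
            if header.startswith(b"commit "):
                meta = body.split(b"\n\n", 1)[0].decode().splitlines()
                commits[d + name] = [l.split()[1] for l in meta if l.startswith("parent ")]
    return commits

def lost_commits(git_dir, head_sha):
    """Commits in the object store that cannot be reached by walking parents from head_sha."""
    commits, reachable, stack = all_commits(git_dir), set(), [head_sha]
    while stack:
        sha = stack.pop()
        if sha not in reachable:
            reachable.add(sha)
            stack.extend(commits.get(sha, []))
    return sorted(set(commits) - reachable)

def build_sample_repo():
    """Constructed sample: three chained commits; the caller decides where HEAD points."""
    git_dir = tempfile.mkdtemp()
    tree = write_object(git_dir, "tree", b"")
    shas, parent = [], None
    for msg in ("first", "second", "third"):
        body = f"tree {tree}\n" + (f"parent {parent}\n" if parent else "")
        body += f"author a <a@example.com> 0 +0000\ncommitter a <a@example.com> 0 +0000\n\n{msg}\n"
        parent = write_object(git_dir, "commit", body.encode())
        shas.append(parent)
    return git_dir, shas

if __name__ == "__main__":
    git_dir, (c1, c2, c3) = build_sample_repo()
    print(lost_commits(git_dir, head_sha=c2))   # HEAD on "second": "third" is listed as lost
```

On a server, the same reasoning means that resetting a branch does not remove the old commit's objects, so blocking access to /.git is the fix rather than rewriting history.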
<?php
include "mysql.php";
session_start();
if($_SESSION['login'] != 'yes'){
    header("Location: ./login.php");
    die();
}
if(isset($_GET['do'])){
    switch ($_GET['do'])
    {
    case 'write':
        $category = addslashes($_POST['category']);
        $title = addslashes($_POST['title']);
        $content = addslashes($_POST['content']);
        $sql = "insert into board
            set category = '$category',
                title = '$title',
                content = '$content'";
        $result = mysql_query