原理:x-forwared-for注入,时间盲注,insert注入
点开网址就是这么一句话,源码也给出
function getIp(){
$ip = '';
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip = $_SERVER['HTTP_X_FORWARDED_FOR']; #从x-forwared-for获取ip
}else{
$ip = $_SERVER['REMOTE_ADDR'];
}
$ip_arr = explode(',', $ip); #过滤获取到的IP中的逗号
return $ip_arr[0];
}
$host="localhost";
$user="";
$pass="";
$db="";
$connect = mysql_connect($host, $user, $pass) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");
$ip = getIp();
echo 'your ip is :'.$ip;
$sql="insert into client_ip (ip) values ('$ip')"; #将IP插入数据库
mysql_query($sql);
关键在这一句sql语句
insert into client_ip (ip) values ('$ip')
过滤了逗号之后能用的payload语句就剩下
case when then else end
substring(“xxxxxx” from 1 for 1)