### 简要描述:
sql注入,可获取数据库任意信息
### 详细说明:
sql注入,可获取数据库任意信息
漏洞触发位置,已经触发函数
[<img src="https://images.seebug.org/upload/201311/181524184caa5f9b79da7dbdd5417bd6cf650ce4.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201311/181524184caa5f9b79da7dbdd5417bd6cf650ce4.png)
[<img src="https://images.seebug.org/upload/201311/1815242839902d7ee3cd6fada49fe8e78b74b176.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201311/1815242839902d7ee3cd6fada49fe8e78b74b176.png)
构造一个关联数组,键就是sql语句,用serialize序列化
[<img src="https://images.seebug.org/upload/201311/18152839ca50214226651291ba22e5de6fb2845e.png" alt="QQ截图20131116211519.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201311/18152839ca50214226651291ba22e5de6fb2845e.png)
将序列化之后的值作为cookie
[<img src="https://images.seebug.org/upload/201311/1815304137f4f3069160ead4df3536ab0ce72dbe.png" alt="QQ截图20131116211442.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201311/1815304137f4f3069160ead4df3536ab0ce72dbe.png)
### 漏洞证明:
访问以下
[<img src="https://images.seebug.org/upload/201311/18153135980ff0baa4f1986593db85d5c7cc48c7.png" alt="QQ截图20131116211456.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201311/18153135980ff0baa4f1986593db85d5c7cc48c7.png)
京公网安备 11010502034610号
暂无评论