mirror of
https://gitee.com/gaohongy/code-audit.git
synced 2026-07-16 08:23:50 +00:00
修正图片引用
This commit is contained in:
@@ -71,7 +71,7 @@
|
|||||||
|
|
||||||
运行结果:
|
运行结果:
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
### 1.1.3. 远程文件包含RFI
|
### 1.1.3. 远程文件包含RFI
|
||||||
|
|
||||||
@@ -118,7 +118,7 @@ http://localhost/2020CodeAudit/C5/include/remoteinclude.php?url=php://input
|
|||||||
|
|
||||||
F12打开Edge的调试模式。
|
F12打开Edge的调试模式。
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
1. 选择请求类型 POST
|
1. 选择请求类型 POST
|
||||||
2. 输入URL:http://localhost/2020CodeAudit/C5/include/remoteinclude.php?url=php://input
|
2. 输入URL:http://localhost/2020CodeAudit/C5/include/remoteinclude.php?url=php://input
|
||||||
|
|||||||
@@ -381,7 +381,7 @@ insert into tables(1,2) values('xx',0x3c7363726970743e616c6572742831293c2f736369
|
|||||||
insert into userinfo(username,PASSWORD, email) values('xx',0x3c7363726970743e616c6572742831293c2f73636970743e,'a');
|
insert into userinfo(username,PASSWORD, email) values('xx',0x3c7363726970743e616c6572742831293c2f73636970743e,'a');
|
||||||
```
|
```
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
双等于和三等于
|
双等于和三等于
|
||||||
|
|
||||||
@@ -459,7 +459,7 @@ if(file_exists('install.lock'){
|
|||||||
|
|
||||||
还有一种是以重复发包来利用时间差,以少量的钱多次购买。
|
还有一种是以重复发包来利用时间差,以少量的钱多次购买。
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
## 2.2. Ecshop逻辑错误注入
|
## 2.2. Ecshop逻辑错误注入
|
||||||
|
|
||||||
@@ -559,7 +559,7 @@ http://localhost/ECshop/respond.php?code=alipay&subject=0&out_trade_no=%00' and
|
|||||||
|
|
||||||
另外,浮现该漏洞需要打开后台的支付宝功能。
|
另外,浮现该漏洞需要打开后台的支付宝功能。
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
# 3. 会话认证漏洞
|
# 3. 会话认证漏洞
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user