Find a website today, do security detection, the URL is this:
Not traditional. PHP end, so many people think that this can not inject, in fact, pseudo-static can also inject, although the URL has been pseudo-static, but very conventional, try to inject. So submit
Http://www.xxxx.com/product/detail/id/3-1. html
The page information changes:
The page has changed, usually in the presence of SQL injection.
Note: because the + number will be URL encoded, we usually use a minus sign to judge.
Now that the loophole has been found, then it's routine, run Sqlmap.
Statement:
Parameter description:--DBSM Specify Database
-V 3 You can see the payload without using a proxy grab to see the SQL injection statement
There are loopholes that can be injected, and the table below has been run out:
Then find the backstage, find the upload point .... Directly upload PHP take Webshell, too conventional, don't say nonsense.
Infiltration diary-using Sqlmap pseudo static injection