wechall|Blinded by the light
The injection point
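function blightVuln($password)
{
    # Do not mess with other sessions!
    # Blacklist filter: rejects input containing "/*" or "blight" (case-insensitive).
    if ( (strpos($password, '/*') !== false) || (stripos($password, 'blight') !== false) )
    {
        return false;
    }
    $db = blightDB();
    $sessid = GWF_Session::getSession()->getID();
    # Both values are interpolated directly into the SQL text;
    # the filter above is the only check applied to $password.
    $query = "SELECT 1 FROM (SELECT password FROM blight WHERE sessid=$sessid) b WHERE password='$password'";
    # True when the query returns a row, false otherwise.
    return $db->queryFirst($query) !== false;
}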
This statement:
"SELECT 1 FROM (SELECT password FROM blight WHERE sessid=$sessid) b WHERE password='$password'";
")"
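At first I did not understand what b meant.
Later I realized it is the alias of the preceding temporary table (SELECT password FROM blight WHERE sessid=$sessid), with AS omitted.
Without it, an error is raised: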
Every derived table must have its own alias
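For comparison, a hardened form of the same query, as an added example that is not the challenge's own code. It assumes PDO instead of the challenge's DB layer, a hypothetical function name blightSafe, and an in-memory SQLite table with constructed rows so that it runs offline; on MySQL the alias b is still required.

```php
<?php
// Added example, not part of the challenge source.
// Assumptions: PDO replaces the challenge's own DB wrapper, and the
// session id is passed in by the caller as an integer.
function blightSafe(PDO $db, int $sessid, string $password): bool
{
    // Same shape as the original query, including the derived-table
    // alias "b". Values travel as bound parameters, never as SQL text.
    $sql = 'SELECT 1 FROM (SELECT password FROM blight WHERE sessid = :sessid) b '
         . 'WHERE password = :password';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':sessid', $sessid, PDO::PARAM_INT);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);
    $stmt->execute();
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blight (sessid INTEGER, password TEXT)');
$db->exec("INSERT INTO blight VALUES (1, 'constructed-secret-1')");
$db->exec("INSERT INTO blight VALUES (2, 'it''s-constructed')");

// Correct password for session 1.
var_dump(blightSafe($db, 1, 'constructed-secret-1'));
// Password of another session: the inner SELECT keeps sessions apart.
var_dump(blightSafe($db, 1, "it's-constructed"));
// A password containing a single quote is compared as plain data.
var_dump(blightSafe($db, 2, "it's-constructed"));
```

With a MySQL connection, also set PDO::ATTR_EMULATE_PREPARES to false so that the server performs the parameter binding.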
Also, I could not solve this challenge.
Solution:
Solution~~~