
直接就是乱码,联想到题目的数据库,那问题就一定出现在数据库里,可以用两个扫描工具扫描试试

看到 phpMyAdmin 4.8.1 版本存在文件包含漏洞,问题出在 index.php 的 target 参数位置
就开始代码审计
// If the request names a valid target script, hand control to it.
// NOTE(review): the value that reaches include is the unmodified
// $_REQUEST['target']; Core::checkPageValidity() may accept it on a
// trimmed or urldecode()d form, so a passing check does not by itself
// mean the raw string is equal to a whitelisted page name.
if (! empty($_REQUEST['target']) && is_string($_REQUEST['target'])) {
    // Rejected: names starting with "index", the explicit blacklist,
    // and anything Core's whitelist check refuses.
    if (! preg_match('/^index/', $_REQUEST['target'])
        && ! in_array($_REQUEST['target'], $target_blacklist)
        && Core::checkPageValidity($_REQUEST['target'])
    ) {
        include $_REQUEST['target'];
        exit;
    }
}
//$target_blacklist,target参数黑名单
// Scripts that index.php refuses to include via the "target" parameter.
$target_blacklist = [
    'import.php',
    'export.php',
];
//Core::checkPageValidity($_REQUEST['target']),Core类参数校验方法
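/**
 * Checks whether $page names an allowed script.
 *
 * A page is accepted when it is in $whitelist exactly, or - unless
 * $include is true - when it matches after the query string (everything
 * from the first '?') is stripped, or after urldecode() followed by the
 * same stripping.
 *
 * NOTE(review): index.php passes the raw $_REQUEST['target'] to include
 * once this check succeeds. The relaxed matches below accept values that
 * differ from the whitelist entry (a query string appended, or a
 * URL-encoded form), while the caller includes the unmodified value, not
 * the trimmed/decoded copy. Callers that go on to include/require the
 * value should pass $include = true so that only an exact whitelist entry
 * is accepted.
 *
 * @param string|null $page      page name to check; by reference to keep the
 *                               existing signature, it is never modified here
 * @param string[]    $whitelist allowed page names; empty means self::$goto_whitelist
 * @param bool        $include   when true, only an exact whitelist match passes
 *
 * @return bool
 */
public static function checkPageValidity(&$page, array $whitelist = [], $include = false)
{
    if (empty($whitelist)) {
        $whitelist = self::$goto_whitelist;
    }
    if (! isset($page) || ! is_string($page)) {
        return false;
    }

    // Exact match: the only form that is safe to hand to include.
    // Strict comparison so loose string/number coercion cannot match.
    if (in_array($page, $whitelist, true)) {
        return true;
    }
    if ($include) {
        return false;
    }

    // Tolerate a query string: "foo.php?x=1" matches "foo.php".
    $_page = mb_substr($page, 0, mb_strpos($page . '?', '?'));
    if (in_array($_page, $whitelist, true)) {
        return true;
    }

    // Tolerate a URL-encoded value before applying the same trimming.
    $_page = urldecode($page);
    $_page = mb_substr($_page, 0, mb_strpos($_page . '?', '?'));
    if (in_array($_page, $whitelist, true)) {
        return true;
    }

    return false;
}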
//payLoad:
这里 target 参数只要不是黑名单中的 php 文件即可