[screenshot: image-20210129164605144]

i春秋

按F注入 (Press F to inject)

The page says "only mobile phones can access this", and the HTML source contains the check as a commented-out PHP function:

```php
<?php
function is_mobile() {
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $clientkeywords = array(
            'nokia','sony','ericsson','mot','samsung','htc','sgh','lg','sharp','sie-','philips','panasonic','alcatel','lenovo','iphone','ipod','blackberry','meizu','android','netfront','symbian','ucweb','windowsce','palm','operamini','operamobi','openwave','nexusone','cldc','midp','wap','mobile'
        );
        // Look for mobile-browser keywords in HTTP_USER_AGENT
        if (preg_match("/(" . implode('|', $clientkeywords) . ")/i", strtolower($_SERVER['HTTP_USER_AGENT']))) {
            return true;
        }
    }
    return false;
}
```

The regex it builds is:

(nokia|sony|ericsson|mot|samsung|htc|sgh|lg|sharp|sie-|philips|panasonic|alcatel|lenovo|iphone|ipod|blackberry|meizu|android|netfront|symbian|ucweb|windowsce|palm|operamini|operamobi|openwave|nexusone|cldc|midp|wap|mobile)

Change the User-Agent header!
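To see exactly what this gate decides on, here is the page's `is_mobile()` ported to Python as an added example (not code from the challenge or the writeup). The keyword list is the one from the page; the sample User-Agent strings are constructed for the demonstration. It shows that the decision rests entirely on a string the client supplies, and that short substring keywords such as `lg` also match unrelated clients, so a check like this is device hinting, not access control.

```python
import re
from typing import Optional

# Keyword list taken from the page's is_mobile() function
CLIENT_KEYWORDS = [
    'nokia', 'sony', 'ericsson', 'mot', 'samsung', 'htc', 'sgh', 'lg', 'sharp',
    'sie-', 'philips', 'panasonic', 'alcatel', 'lenovo', 'iphone', 'ipod',
    'blackberry', 'meizu', 'android', 'netfront', 'symbian', 'ucweb',
    'windowsce', 'palm', 'operamini', 'operamobi', 'openwave', 'nexusone',
    'cldc', 'midp', 'wap', 'mobile',
]

# Same construction as the PHP: "/(kw1|kw2|...)/i" applied to the lowercased UA.
# re.escape keeps 'sie-' literal; the PHP relied on no keyword containing regex metacharacters.
_MOBILE_RE = re.compile("(" + "|".join(re.escape(k) for k in CLIENT_KEYWORDS) + ")", re.IGNORECASE)


def is_mobile(user_agent: Optional[str]) -> bool:
    """Port of the page's is_mobile(): True if any keyword occurs anywhere in the UA.

    A missing header (PHP: isset() false) yields False, exactly as in the original.
    """
    if user_agent is None:
        return False
    return _MOBILE_RE.search(user_agent.lower()) is not None


def matched_keyword(user_agent: Optional[str]) -> Optional[str]:
    """Return the keyword that triggered the match, or None.

    Useful when reviewing why a given client was classified as mobile.
    """
    if user_agent is None:
        return None
    m = _MOBILE_RE.search(user_agent.lower())
    return m.group(1) if m else None


# Constructed sample headers (not taken from the page)
SAMPLE_UAS = {
    "iphone_safari": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 "
                     "(KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1",
    "android_chrome": "Mozilla/5.0 (Linux; Android 11; Pixel 5) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/88.0 Mobile Safari/537.36",
    "desktop_chrome": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36",
    # A non-mobile client whose name happens to contain the substring "lg":
    # the keyword list has no word boundaries, so this is classified as mobile.
    "crawler_false_positive": "Mozilla/5.0 (X11; Linux x86_64) AlgoBot/1.0",
}


def classify_samples() -> dict:
    """Run the check over the constructed samples; returns {name: (is_mobile, keyword)}."""
    return {name: (is_mobile(ua), matched_keyword(ua)) for name, ua in SAMPLE_UAS.items()}


if __name__ == "__main__":
    for name, (mobile, kw) in classify_samples().items():
        print(f"{name:24s} mobile={mobile!s:5s} keyword={kw}")
```

The port keeps the PHP semantics deliberately: substring matching, no word boundaries, lowercase input. Since the header is chosen by the client, the only safe reading of `is_mobile()` is as a rendering hint; anything that must stay hidden from non-mobile users needs a server-side authorization check that does not consult the User-Agent.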

[screenshot: image-20210129204851756]

Found a hint in the source:

```html
<!--<a href="?f=1">我选择按下F进入TK</a>-->
```

(The link text reads "I choose to press F to enter TK".)

Looks like a PostgreSQL SQL injection!

Found an injection point where the response behaves abnormally, but could not dump anything from it!