XSSEmpire帝国CMS 7.5 XSS注入https://blog.csdn.net/qq_44846097/article/details/161088124?sharetypeblogdetailsharerId161088124sharereferPCsharesourceqq_44846097spm1011.2480.3001.8118恶意文件上传CVE-2018-18086Empire帝国CMS 7.5 恶意文件上传-CVE-2018-18086https://blog.csdn.net/qq_44846097/article/details/161092690?sharetypeblogdetailsharerId161092690sharereferPCsharesourceqq_44846097spm1011.2480.3001.8118SQL注入说明环境MySQL 5.7.26实现利用MySQL的文件读写需要开启secure_file_priv状态表现能否读写文件安全等级NULL禁用完全不能安全推荐有路径限制启用只能读该目录中等空值完全启用任意目录高危验证数据库查询SHOW VARIABLES LIKE secure_file_priv; 或 SELECT secure_file_priv;