Milw0rm 1.0 /admin/login.php SQL注入漏洞

1/admin/login.php $usr = htmlspecialcharstrim$POST'usr'; $pwd = htmlspecialcharstrim$POST'pwd'; if$usr && $pwd $login = mysqlquery"SELECT FROM siteinfo WHERE admusr='".$usr."' AND admpwd='".md5$pwd."';"; $row = mysqlnumrows$login;...