随风分类信息管理程序注入漏洞
| EKU-ID: 255 | CVE: | OSVDB-ID: |
| Author: expku | Published: 2011-05-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 255 | CVE: | OSVDB-ID: |
| Author: expku | Published: 2011-05-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
随风PHP分类信息程序v1.3注入最新注入漏洞。
漏洞文件 index.php 漏洞类型:SQL注入。
<? require_once("conn.php");?>$page=$_GET["page"];$cid=$_GET["cid"];$pagesize=15;if($cid!=""){$r2=mysql_query("select count(*) from cbody where cid=".$cid."") or die(mysql_error());}else{$r2=mysql_query("select count(*) from cbody") or die(mysql_error());} 测试EXP:http://www.tmdsb.com/index.php?cid=350 不会手工的或者不想的可以 直接用注入工具。些程序的默认后台为http://www.tmdsb.com/admin/