Wind classified information management program injection vulnerability

2011-05-15T00:00:00
ID MYHACK58:62201130474
Type myhack58
Reporter Anonymous
Modified 2011-05-15T00:00:00

Description

The latest injection vulnerability in the Wind PHP classified information program v1.3.

Vulnerable file: index.php. Vulnerability type: SQL injection.

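<? require_once("conn.php"); ?>

// Excerpt from index.php: both parameters are read from the query string without validation.
$page=$_GET["page"];
$cid=$_GET["cid"];
$pagesize=15;

if($cid!="") {
    // $cid is concatenated into the SQL text unquoted and unescaped: this is the injection point.
    $r2=mysql_query("select count(*) from cbody where cid=".$cid."") or die(mysql_error());
}else{
    $r2=mysql_query("select count(*) from cbody") or die(mysql_error());
}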

Test EXP: http://www.tmdsb.com/index.php?cid=350

Those who cannot or do not want to inject manually can use an injection tool directly. On some installations the program's default admin backend is http://www.tmdsb.com/admin/
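A hardened form of the count query in index.php, as an added example that is not part of the original advisory or the program's own code. It assumes cid is a positive integer key (as in the test URL), uses PDO in place of the removed mysql_* functions, and substitutes a constructed in-memory SQLite table for the real cbody table so that it runs offline; the function name countPosts is hypothetical.

```php
<?php
// Added example: validated, parameterized version of the cbody count query.
// Assumptions: cid is a positive integer; SQLite stands in for MySQL.

function countPosts(PDO $db, ?string $cid): int
{
    if ($cid === null || $cid === '') {
        // No category filter: same query as the original else-branch.
        return (int) $db->query('SELECT COUNT(*) FROM cbody')->fetchColumn();
    }
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($cid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('cid must be a positive integer');
    }
    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT COUNT(*) FROM cbody WHERE cid = :cid');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cbody (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)');
$db->exec("INSERT INTO cbody (cid, title) VALUES (350, 'a'), (350, 'b'), (7, 'c')");

// Constructed inputs, as they would arrive in $_GET["cid"].
foreach (['350', '7', '', '350 OR 1=1'] as $input) {
    try {
        printf("cid=%-14s count=%d\n", var_export($input, true), countPosts($db, $input));
    } catch (InvalidArgumentException $e) {
        // Return a generic message; the original die(mysql_error()) leaks
        // database error text to the client.
        printf("cid=%-14s rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

The integer check and the bound parameter are independent layers: either one alone stops the concatenation flaw in this query, and keeping both guards against one being removed in a later edit.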