GOOGLE shopping site-building system injection vulnerability

ID MYHACK58:62201338027
Type myhack58
Reporter Anonymous
Modified 2013-03-29T00:00:00


Find an injection point: /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389

As usual, append ' having 1=1--


This exposed Diary_A.dl_Title (very exciting at this point).

Then continue with ' group by dl_Title having 1=1--

Keep going the same way, exposing one field after another.

This exposed several fields and tables, but not the admin user fields that were needed.

What to do? Go to the admin login page and look at its source code:


Input name="ADUID"

Input name="ADPWD"

Luckily, the fields turned up there, so continue to
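The probing described above can be rejected at the input layer and spotted in web server logs. The following Python is an added example, not part of the original post or of the product's code; the simplified log layout, the function names, the UBID format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Allow-list per parameter. The DCID/DIID shapes come from the URL on this page;
# the UBID shape is an assumption (the page only shows UBID empty).
ID_FORMATS = {
    "UBID": re.compile(r"(UB\d{16})?"),
    "DCID": re.compile(r"DC\d{16}"),
    "DIID": re.compile(r"DI\d{16}"),
}
# SQL fragments used by the HAVING / GROUP BY probing described on this page.
PROBE = re.compile(r"\bhaving\b\s*\d+\s*=\s*\d+|\bgroup\s+by\b", re.I)


def check_query(query):
    """Return [(param, reason)] for each ID parameter that fails its allow-list."""
    issues = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        rule = ID_FORMATS.get(name.upper())
        if rule is None or rule.fullmatch(value):
            continue
        issues.append((name, "sql-probe" if PROBE.search(value) else "bad-format"))
    return issues


def scan_log(lines, page="/diary_a.asp"):
    """Scan log lines laid out as: date time c-ip method uri-stem uri-query status."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) != 7 or fields[4].lower() != page:
            continue
        for name, reason in check_query(fields[5]):
            hits.append((fields[2], name, reason, int(fields[6])))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2013-03-29 10:01:02 192.0.2.10 GET /Diary_A.asp UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389 200",
    "2013-03-29 10:02:11 198.51.100.7 GET /Diary_A.asp UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389%27+having+1=1-- 500",
    "2013-03-29 10:02:40 198.51.100.7 GET /Diary_A.asp UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389%27+group+by+dl_Title+having+1=1-- 500",
    "2013-03-29 10:03:05 203.0.113.5 GET /Diary_A.asp UBID=&DCID=DC20120506&DIID=DI2012050610583389 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Format validation like this complements parameterized queries in the ASP code rather than replacing them. The probing also depends on database error text reaching the client, so detailed errors should not be returned in responses.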
