phpyun SQL注入

简要描述： 处理不当导致注入，绕过waf 详细说明： 在/model/qqconnect.class.php文件中： function certaction $id=$GET'id'; $arr=@explode"|",base64decode$id; if$id && isarray$arr && $arr0 && $arr2==$this-config'coding' $row=$this-obj-DBselectonce"companycert","uid='".$arr0."' and check2='".$arr1."'"; ifisarray$row...

RevokeBB Blind SQL Injection / Hash Extractor

!/usr/bin/php -q -d shortopentag=on ? echo " ------------------------------------------------------------- RevokeBB = 1.0 RC4 Blind SQL Injection / Hash Retrieve Exploit Site: http://www.revokesoft.net by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php...

RunCMS 1.5.2 - debug_show.php SQL Injection

RunCMS 1.5.2 - debugshow.php SQL Injection no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == ...

Netmao Movie network cat movie system vulnerabilities-vulnerability warning-the black bar safety net

IceskYsl in NOHACK published on the php vulnerabilities topic. The first is the include file vulnerability. So today I quickly found one, not exclusive to! Huh. Program: Netmao Movie network cat movie system. Description: now its latest version is 3. 0, due to the encryption, so it is not good to...

mybb v1.1.1(showthread.php) SQL Injection Exploit

---------------------------------- foud by: Breeeeh Site: http://www.alshmokh.com Email: [email protected] ---------------------------------- $query = $db-query"SELECT pid FROM ".TABLEPREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage"; while$getid =...