phplive support request.php文件存在SQL注入漏洞以及暴绝对路径漏洞

2006-12-15T00:00:00
ID SSV:930
Type seebug
Reporter Root
Modified 2006-12-15T00:00:00

Description

暂无

php live <=3.2.2 无

                                        
                                            
                                                 http://xxx.com/livechat/request.php?l=[login]&amp;x=1%20and%20(select%20count(*)%20from%20mysql.user)&gt;0/* 
表: chat_admin 
[login] [password]
----------------------------------------------------------
绝对路径 http://xxx.co