BeesCMS _V4.0_R_20160525 SQL Injection (Bypassing Global Protection)

Basic Fields

SSV ID:
SSV-92449
Find Time:
Unknown
Submit Time:
2016-09-29
Level:
Category:
SQL Injection
Component:
BEESCMS
Author:
Unknown
Submitter:
0h1in9e

Source

Detail


PoC

Unavailable PoC

Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Popularity 8052

All Comments (2)

  • vastian
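    Shouldn't you first check whether you have file read/write permission before deciding to use outfile? How do you get the path of the website root directory? @@datadir? (I'm a newbie, still learning...)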
    • 0h1in9e
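      @@datadir returns the database path; the website path here can be obtained through error output, triggering a warning error is enough to get the website path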
    2F
  • The regex validation in the fl_value function needs to be strengthened~
    1F
