好得很程序员自学网

<tfoot draggable='sEl'></tfoot>

关于Macromedia Dreamweaver Remote Database Scripts这个

今天扫到一个这样的 漏洞 ,在网上搜了半天没发现有利用方法所以找啊找文件,终于找到。。     MMHTTPDB.php:   <?php       if(extension_loaded("mbstring"))   {       $acceptCharsetHeader = "Accept-Charset: " . mb_internal_encoding();       header( $acceptCharsetHeader );       $head = "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . mb_http_output() . "'></head>";       echo( $head );   }       // Build connection object   //if ($connType == "MYSQL")   if ($_POST['Type'] == "MYSQL")   {       require("./mysql.php");       $oConn = new MySqlConnection($_POST['ConnectionString'],  $_POST['Timeout'],  $_POST['Host'],  $_POST['Database'],  $_POST['UserName'],  $_POST['Password']);   }       // Process opCode www.2cto.com   if ($oConn)   {       $oConn->Open();           if ($_POST['opCode'] == "IsOpen")           echo($oConn->TestOpen());       elseif ($oConn->connectionId && $oConn->isOpen)       {           if       ($_POST['opCode'] == "GetTables")                 echo($oConn->GetTables());           elseif ($_POST['opCode'] == "GetColsOfTable")             echo($oConn->GetColumnsOfTable($_POST['TableName']));           elseif ($_POST['opCode'] == "ExecuteSQL")                 echo($oConn->ExecuteSQL($_POST['SQL'],  $_POST['MaxRows']));           elseif ($_POST['opCode'] == "GetODBCDSNs")                 echo($oConn->GetDatabaseList());           elseif ($_POST['opCode'] == "SupportsProcedure")         echo($oConn->SupportsProcedure());           elseif ($_POST['opCode'] == "GetProviderTypes")         echo($oConn->GetProviderTypes());           elseif ($_POST['opCode'] == "GetViews")                 echo($oConn->GetViews());           elseif ($_POST['opCode'] == "GetProcedures")             echo($oConn->GetProcedures());           elseif ($_POST['opCode'] == "GetParametersOfProcedure") echo($oConn->GetParametersOfProcedure($_POST['ProcName']));           elseif ($_POST['opCode'] == "ReturnsResultset")         echo($oConn->ReturnsResultSet($_POST['RRProcName']));           elseif ($_POST['opCode'] == "ExecuteSP")                 echo($oConn->ExecuteSP($_POST['ExecProcName'],  0,  $_POST['ExecProcParameters']));           elseif ($_POST['opCode'] == "GetKeysOfTable")             echo($oConn->GetPrimaryKeysOfTable($_POST['TableName']));       }           // if (!$oConn->isOpen)       // handle exception is actually called by TestOpen,  so this call is not needed       //    echo($oConn->HandleException());           $oConn->Close();   }       echo( "</html>" );   ?>       从代码上可以看到如果存在mysql.php并且可以链接的话就可以对 数据库 操作。     _mmServerScripts/MMHTTPDB.php   作者 幻泉之洲

查看更多关于关于Macromedia Dreamweaver Remote Database Scripts这个的详细内容...

声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did12423
  阅读:43次

上一篇: PHP Gift Registry 1.5.5 sql注射及修复 - 网站安全 - 自

下一篇:creasant digital CMS注入及获取webshell - 网站安全 - 自

相关资讯