信息来源:h4x0r's blog

前段时间就知道动易不止一个洞,这又被人放出来,
通杀ACC,MSSQL 后面就是SQL语句啦

返回信息：
Microsoft OLE DB Provider for SQL Server 错误 '80040e14'
字符串 'shi'' 之前有未闭合的引号。
/region.asp，行 32

针对mssql的
NBSI 直接列目录 >备份> ok!

此乃居家旅行,杀人越货

钓鱼,钓MM,社工等一系列动机的必备之物

» 阅读全文

传说中的phpwind 0day?

The exploiet Of The All Phpwind Version
爆admin的密码散列.
速度极慢...要有耐心

请自行修改
$path="/search.php"; 这个不用改
$server='luoq.net'; 改成目标地址
$cookie=' 你抓的cookies!

喜欢的朋友可以做个GUI界面出来!

» 阅读全文

---------------------------------------------------------------------------
discuz! 5.0.0 GBK SQL injection / admin credentials disclosure exploit
by rgod rgod@autistici.org
site: http://retrogod.altervista.org
dorks: "powered by discuz! 5.0.0
"powered by discuz!
---------------------------------------------------------------------------

» 阅读全文

来源：# milw0rm.com
exploit::rras_ms06_025_rasman
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::rras_ms06_025_rasman;
use base "Msf::Exploit";

» 阅读全文