If you want to play around with Korean websites, this little method should work well for you.
It is just one kind of Blind SQLi.
DORK: inurl:/autocart/market/
Where you use the dork, you will need to look for a php?= "something" parameter, then insert the exploit and check.
Take a look at a few example sites.
Demo
http://www.iganaland.com/autocart/market/play/product_list.php?category_num=46'
http://www.kin.or.kr/autocart/market/board/board_read.php?index_no=2601&bbs_no=6'
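From the defender's side, the probe the post describes (a single quote appended to a numeric parameter such as category_num or index_no) is easy to spot in web server access logs. The script below is an added example written for this page, not code from the original post; it parses a few constructed common-log-format lines (the IPs, timestamps and sizes are made up, the paths mirror the ones above) and flags any request whose integer-typed parameter carries a non-numeric value, recording the response status so a 500 on the quoted request next to a 200 on the clean one stands out. The NUMERIC_PARAMS set is an assumption about which parameters the application treats as integers.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /autocart/market/play/product_list.php?category_num=46 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /autocart/market/play/product_list.php?category_num=46' HTTP/1.1" 500 312
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /autocart/market/board/board_read.php?index_no=2601&bbs_no=6%27 HTTP/1.1" 500 290
198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /autocart/market/board/board_read.php?index_no=2601&bbs_no=6 HTTP/1.1" 200 8000
"""

# Minimal common-log-format matcher: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Assumption: these query parameters are integers in the application,
# so anything non-numeric (a stray quote, for instance) is a probe.
NUMERIC_PARAMS = {"category_num", "index_no", "bbs_no"}


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def suspicious_params(target):
    """Split the request target and return (path, [(name, value), ...])
    for every integer-typed parameter whose value is not purely digits.
    parse_qsl percent-decodes, so 6%27 is seen as 6'."""
    path, _, query = target.partition("?")
    findings = [
        (name, value)
        for name, value in parse_qsl(query, keep_blank_values=True)
        if name in NUMERIC_PARAMS and not value.isdigit()
    ]
    return path, findings


def scan(log_text):
    """Scan log text and return one alert per request carrying a
    malformed integer parameter, keeping the status so a 500 on the
    probe next to a 200 on the clean request is visible."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path, findings = suspicious_params(rec["target"])
        if findings:
            alerts.append({
                "ip": rec["ip"],
                "path": path,
                "params": findings,
                "status": rec["status"],
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Run as a script it prints the two probing requests from the sample; in practice the same check, fed from a log pipeline, gives a high-signal alert for this class of test, and on the application side the lasting fix is to cast such parameters to integers and pass them to the database through prepared statements rather than string concatenation.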