From ca0126af9bc214a754f6908ff485d637fbb28306 Mon Sep 17 00:00:00 2001 From: xiaoheihei1107 <62200676+xiaoheihei1107@users.noreply.github.com> Date: Thu, 16 Sep 2021 18:00:33 +0800 Subject: [PATCH] Add CRMEB DaTong sid sqli --- CRMEB/DaTong_sid_sqli/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 CRMEB/DaTong_sid_sqli/README.md diff --git a/CRMEB/DaTong_sid_sqli/README.md b/CRMEB/DaTong_sid_sqli/README.md new file mode 100644 index 0000000..f22b228 --- /dev/null +++ b/CRMEB/DaTong_sid_sqli/README.md @@ -0,0 +1,9 @@ +# CRMEB DaTong sid sqli + +CRMEB open version v4 is a free and open source mall system, UINAPP+thinkphp6 framework mall. The sid parameter under the path of CRMEB open version /api/products has unfiltered SQL statement splicing, resulting in SQL injection. + +FOFA **query rule**: [body="CRMEB" && body="/h5/js/app"](https://fofa.so/result?qbase64=Ym9keT0iQ1JNRUIiICYmIGJvZHk9Ii9oNS9qcy9hcHAi) + +# Demo + +![CRMEB_DaTong_sid_sqli](CRMEB_DaTong_sid_sqli.gif)
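Review bot: the README's demo section embeds `CRMEB_DaTong_sid_sqli.gif`, but the patch only creates `CRMEB/DaTong_sid_sqli/README.md` (1 file changed, 9 insertions), so the image link is dangling; either add the gif under `CRMEB/DaTong_sid_sqli/` in the same commit or drop the `![...]` line. The description also names the injection point (`sid` under `/api/products` in the open-source v4 branch) but gives no reproducible request, affected version range, or vendor fix reference, so a reader cannot verify the claim from the text alone; a minimal request showing the `sid` value that changes the response, plus the version tested, would make the entry reviewable. Minor: "UINAPP" should read "UniApp" if that is the frontend framework meant, and "unfiltered SQL statement splicing" reads more clearly as "unsanitized string concatenation into the SQL query".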