Mirror of https://github.com/gobysec/GobyVuls.git, synced 2025-05-05 10:16:59 +00:00
CRMEB DaTong sid sqli
CRMEB open version v4 is a free and open source mall system built on the uni-app + ThinkPHP6 framework. The sid parameter of the /api/products path in CRMEB open version is spliced into an SQL statement without filtering, resulting in SQL injection.
FOFA query rule: body="CRMEB" && body="/h5/js/app"
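For triage on your own deployment, the following added example (not part of the GobyVuls entry or of CRMEB) scans web access logs for /api/products requests whose sid value is not a plain integer. It assumes that sid is a numeric category id and that the server writes combined-format access logs; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: sid is a numeric category id, so any non-digit value is anomalous.
SID_OK = re.compile(r"[0-9]{1,10}")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [05/May/2025:10:01:02 +0000] "GET /api/products?sid=12&page=1 HTTP/1.1" 200 512
198.51.100.9 - - [05/May/2025:10:01:05 +0000] "GET /api/products?sid=7%27 HTTP/1.1" 500 231
198.51.100.9 - - [05/May/2025:10:01:06 +0000] "GET /api/products?page=2 HTTP/1.1" 200 498
198.51.100.9 - - [05/May/2025:10:01:09 +0000] "GET /api/products?sid=3&sid=x%29 HTTP/1.1" 200 77
198.51.100.4 - - [05/May/2025:10:02:00 +0000] "GET /api/product/detail/5?sid=a HTTP/1.1" 200 90
"""


def suspicious_sid_requests(log_text):
    """Return (line_number, decoded sid values) for /api/products hits with a non-numeric sid."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # Only the endpoint named in the advisory is in scope.
        if url.path.rstrip("/") != "/api/products":
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so a benign first sid cannot hide a malformed second one.
        values = parse_qs(url.query, keep_blank_values=True).get("sid", [])
        if any(not SID_OK.fullmatch(v) for v in values):
            hits.append((n, values))
    return hits


if __name__ == "__main__":
    for n, values in suspicious_sid_requests(SAMPLE_LOG):
        print(f"line {n}: sid={values!r}")
```

Access logs record only the query string, so a sid sent in a request body is not visible to this check.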